
1152 matches found

CNNVD
added 2026/06/01 12:0 a.m. | 8 views

SourceCodester Pharmacy Sales and Inventory System security vulnerability

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Versions of the SourceCodester Pharmacy Sales and Inventory System prior to version 1.0 contained security vulnerabilities. These vulnerabilities were...

CVSS 5.8 | AI score 5 | EPSS 0.00248
Exploits 0 | References 6

CNNVD
added 2026/06/01 12:0 a.m. | 78 views

Hermes Agent security vulnerability

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by a problem with the sanitizeenvlines function in the hermescli/config.py file. This vulnerability...

CVSS 6.3 | AI score 5.8 | EPSS 0.00266
Exploits 0 | References 5

Vulnrichment
added 2026/05/30 2:55 p.m. | 9 views

CVE-2018-25417 AiOPMSD Final 1.0.0 SQL Injection via quality.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

CVSS 8.8 | AI score 6.1 | EPSS 0.0027
Exploits 0 | References 4

RedhatCVE
added 2026/05/29 8:13 p.m. | 13 views

CVE-2026-9383

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00254
Exploits 0 | References 1

Positive Technologies
added 2026/05/29 12:0 a.m. | 12 views

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact: There is a security vulnerability in eZ Publish Legacy,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 3

Vulnrichment
added 2026/05/27 7:44 a.m. | 10 views

CVE-2026-40811 Unauthenticated SQLi in ssoabstractservice

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 8.7 | AI score 5.9 | EPSS 0.0032
Exploits 0 | References 1

Positive Technologies
added 2026/05/27 12:0 a.m. | 9 views

PT-2026-43642

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through = 3.7.29...

CVSS 8.5 | AI score 5.8 | EPSS 0.00253
Exploits 0 | References 2

GithubExploit
added 2026/05/24 1:13 p.m. | 77 views

sql-injection

sql-injection python tool that...

AI score 5.9
Exploits 0

RedHat Linux
added 2026/05/14 4:55 p.m. | 7 views

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

CVSS 6.9 | AI score 5.8 | EPSS 0.00527
Exploits 0 | References 6

Vulnrichment
added 2026/05/14 3:10 a.m. | 8 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

CVSS 7.1 | AI score 5.9 | EPSS 0.00239
Exploits 0 | References 3

Positive Technologies
added 2026/05/14 12:0 a.m. | 12 views

PT-2026-41014

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified). Description: Improper input handling under certain conditions allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. T...

CVSS 4.3 | AI score 5.4 | EPSS 0.00173
Exploits 0 | References 4

EUVD
added 2026/05/13 8:50 p.m. | 19 views

EUVD-2026-30168

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

CVSS 9.3 | AI score 5.9 | EPSS 0.0054
Exploits 0 | References 1

EUVD
added 2026/05/13 6:30 p.m. | 11 views

EUVD-2026-29896

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

CVSS 7.2 | AI score 6 | EPSS 0.00375
Exploits 0 | References 2

CVE
added 2026/05/12 1:28 p.m. | 24 views

CVE-2026-27851

The CVE-2026-27851 issue affects openSUSE openSUSE Tumbleweed dovecot24-2.4.4-1.1. The root cause is when a safe filter is used with variable expansion, causing all following pipelines on the same string to be treated as safe, which can let unsafe data be unescaped. This can enable SQL and LDAP i...

CVSS 9.1 | AI score 5.8 | EPSS 0.00406
Exploits 0 | References 4 | Affected Software 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 9 views

PT-2026-40008

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection. This issue affects Ninja Forms Views Display & Edit Ninja Forms...

CVSS 8.5 | AI score 5.8 | EPSS 0.00223
Exploits 0 | References 2

CVE
added 2026/05/08 1:30 a.m. | 21 views

CVE-2026-8125

The affected software is code-projects Simple Chat System 1.0. Vulnerable component: sendMessage.php. Root cause: improper validation of argument type/length/business parameter validity leading to SQL injection. Attack could be launched remotely and the exploit is publicly available. CVSS metrics...

CVSS 6.5 | AI score 6.5 | EPSS 0.0025
Exploits 0 | References 5

Cvelist
added 2026/05/08 12:0 a.m. | 29 views

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

EPSS 0.0026
Exploits 0 | References 1

CNNVD
added 2026/05/07 12:0 a.m. | 8 views

JeecgBoot injection vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the parameter condition handled by the JSON object processor in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00196
Exploits 0 | References 1

RedhatCVE
added 2026/05/06 8:22 p.m. | 9 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

CVSS 9.8 | AI score 6 | EPSS 0.00367
Exploits 1 | References 1

OSV
added 2026/05/05 9:48 p.m. | 5 views

GHSA-WPG9-53FQ-2R8H Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection

Impact: This vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps query operators in $eq to neutralize them. However, prior to the fix, $nor was not included in the set of logical operators that...

CVSS 7.5 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 5