Lucene search
K

31086 matches found

Nuclei
Nuclei
added yesterday36 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.7AI score0.01872EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday38 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.02316EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday32 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS7.2AI score0.01549EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday40 views

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2021.0.8 13.0.8, 2021.1.6 13.1.6, 2022.0.6 14.0.6, 2022.1.7 14.1.7, and 2023.0.3 15.0.3, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

9.8CVSS7.3AI score0.96682EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday141 views

My Calendar WordPress Plugin - Information Disclosure

My Calendar WordPress plugin = 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parsestr in mcajaxmcjsaction endpoint, letting unauthenticated attackers access or crash sites via switchtoblog, exploit requires WordPress Multisite or Single Site setup. id:...

8.8CVSS5.9AI score0.00932EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS0.00266EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago43 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.3AI score0.15806EPSS
Exploits3References5
NVD
NVD
added 3 days ago5 views

CVE-2026-14809

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS0.00437EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-49099

Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...

5.3CVSS6AI score0.00341EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41844

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.1AI score0.00428EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago11 views

CVE-2026-48203

CVE-2026-48203 affects Apache Camel’s Solr component. The vulnerability arises because SolrParam.* and SolrField.* headers are copied into Solr request parameters and indexed fields without respecting the Camel/HTTP header boundary, enabling an unauthenticated HTTP client to inject arbitrary Solr...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-48203 Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-14773 itsourcecode Hospital Management System payment.php sql injection

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 4 days ago6 views

CVE-2026-14770

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editroom.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-14768

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
CVE
CVE
added 4 days ago12 views

CVE-2026-14766

CVE-2026-14766 affects CodeAstro Apartment Visitor Management System 1.0. The vulnerability targets the POST Parameter Handler, specifically the /apartment-visitor/search-result.php endpoint, where manipulation of the searchdata parameter leads to SQL injection. According to the sources, exploita...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-14747

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely...

7.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41750

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41749

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References6
Rows per page
Query Builder