Lucene search
K

461486 matches found

CVE
CVE
added 1 hour ago5 views

CVE-2026-15804

The CVE-2026-15804 entry concerns MetaGuru’s HCM Product with a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands through specific parameters, compromising database confidentiality, integrity, and availability. The connected records confirm affected component as ...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-44595

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

6.2AI score
Exploits0References2
CVE
CVE
added 7 hours ago6 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago8 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-42447

CVE-2026-42447 affects jadx (Dex to Java decompiler). The HTML injection occurs in the Summary tab via SummaryNode.java, which unescapes and inserts path components from an APK’s .so file entries into HTML without escaping. A malicious APK with a crafted HTML URL-encoded ZIP entry name can render...

3.6CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-42049

CVE-2026-42049 affects jadx (Dex to Java decompiler). Before 1.5.6, exporting a decompiled APK as an Android Gradle project could cause the android:versionName from the manifest to be inserted into the generated app/build.gradle Groovy template without proper sanitization, enabling opening or bui...

8.4CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-48324

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-48322

ColdFusion is affected by an Improper Control of Generation of Code 'Code Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS
Exploits0References1
CVE
CVE
added yesterday116 views

CVE-2026-46633

CVE-2026-46633 affects Twig (PHP template engine). Before 3.26.0, Compiler::string() does not escape single quotes when a template name from a {% use %} tag is inside a PHP single-quoted string literal, allowing a crafted template name to terminate the string and inject arbitrary PHP expressions ...

8.7CVSS6.2AI score0.00357EPSS
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-44554

ColdFusion is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user...

8.5CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44553

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS6.5AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-48322 ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)

ColdFusion is affected by an Improper Control of Generation of Code 'Code Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44545

ColdFusion is affected by an Improper Control of Generation of Code 'Code Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS6.5AI score
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-50650

Improper control of generation of code 'code injection' in .NET Framework allows an unauthorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-48347

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

7.7CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-48345

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

8.2CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-47992

Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL...

7.2CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS
Exploits1References2
OSV
OSV
added yesterday2 views

MAL-2026-10613 Malicious code in ethereum-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...

6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-48345 Animate | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

8.2CVSS
Exploits0References1
Rows per page
Query Builder