Lucene search
K

26563 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.3CVSS0.004EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57385

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through = 3.4.2...

8.5CVSS0.00357EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43281

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and mig...

6.5CVSS6.5AI score0.002EPSS
Exploits0References7
CVE
CVE
added yesterday13 views

CVE-2026-57771

CVE-2026-57771 concerns the WordPress plugin for Milan Petrovic’s GD Rating System. Connected sources confirm the vulnerability as a SQL Injection flaw in the GD Rating System plugin, affecting versions up to 3.7 (<=3.7). The root cause is improper neutralization of inputs used in SQL commands...

8.5CVSS6.1AI score0.00357EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57739

CVE-2026-57739 affects the WordPress WordPress Plugin AcyMailing SMTP Newsletter (versions up to and including 10.11.0). The vulnerability is an SQL Injection caused by improper neutralization of special elements in an SQL command, allowing blind SQL injection. According to the provided metrics, ...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57714

CVE-2026-57714 is a SQL injection vulnerability in the WordPress LatePoint plugin (versions up to and including 5.6.3). The issue arises from improper neutralization of SQL elements, enabling Blind SQL Injection. The affected component is the LatePoint plugin for WordPress; no vendor/version deta...

9.3CVSS6.1AI score0.004EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-15542

This CVE affects will-moss Isaiah up to version 1.36.9, specifically the Websocket Connection Authentication component (file app/main.go). The underlying issue is in an unknown function that leads to improper authentication, with the attack described as remote. A fix is not yet merged; the pull r...

7.5CVSS6.5AI score0.00403EPSS
Exploits0References7
Nuclei
Nuclei
added yesterday16 views

Xdebug <= 2.5.5 - Command Injection

Xdebug = 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands, exploit requires remote debugging enabled. id: CVE-2015-101...

9.3CVSS6.3AI score0.0503EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday110 views

LMDeploy - Server-Side Request Forgery

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in the vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal or...

7.5CVSS6.3AI score0.4525EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday69 views

SuperWebmailer 7.21.0.01526 - Remote Code Execution

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection. id: CVE-2020-11546 info: name: SuperWebmailer...

9.8CVSS7.6AI score0.3173EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday40 views

LibreChat <= 0.7.9 - HTML Injection via Accept-Language Header

danny-avila/librechat 0.7.9 contains a stored XSS caused by improper sanitization of the Accept-Language header, letting logged-in users inject arbitrary HTML into the html lang= tag, exploit requires user to be logged in. id: CVE-2025-8848 info: name: LibreChat marker"...

5.4CVSS6.2AI score0.00423EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday89 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday30 views

Apache2 - Transfer-Encoding Chunked XSS

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...

6.1CVSS6.7AI score0.04103EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday182 views

ISPConfig - PHP Code Injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled. id: CVE-2023-46818 info: name: ISPConfig - PHP Code Injection author: non-things severity: high description: | An issue was discovered...

7.2CVSS7AI score0.13894EPSS
Exploits14References4
Nuclei
Nuclei
added yesterday15 views

Vendure Core - SQL Injection

Vendure, an open-source headless commerce platform built on Node.js/TypeScript, contains a critical SQL injection vulnerability in its Shop API. The languageCode query parameter is interpolated directly into a raw SQL CASE expression in ProductService.findOneBySlug without parameterization or inp...

9.1CVSS6.4AI score0.01762EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday219 views

Adobe Experience Manager - Expression Language Injection

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. id: CVE-2019-16469 info: name: Adobe Experience Manager - Expression Language Injection author: DomenicoVeneziano severity: high description: | Adobe Experience Manager versions...

7.5CVSS6.9AI score0.17186EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.8CVSS6.1AI score0.00181EPSS
Exploits0References2
Rockylinux
Rockylinux
added yesterday5 views

golang security, bug fix, and enhancement update

An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

9.6CVSS6.4AI score0.00478EPSS
Exploits0
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43229

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS0.00197EPSS
Exploits0References2
Rows per page
Query Builder