Lucene search
K

105396 matches found

EUVD
EUVD
added 2026/05/13 12:48 a.m.18 views

EUVD-2026-29871

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

7.5CVSS5.9AI score0.00273EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 12:48 a.m.29 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40619

Joomla com hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40627

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Joomsky Joomla J2 JOBS SQL注入漏洞

Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Corporation. Version 1.3.0 of Joomsky Joomla J2 JOBS contains an SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40598

Name of the Vulnerable Software and Affected Versions ELECOM wireless LAN access point devices affected versions not specified Description An OS command injection exists in the processing of the username parameter. This allows an unauthenticated attacker to execute arbitrary OS commands by sendin...

9.8CVSS7.5AI score0.01633EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40809

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...

9.3CVSS5.9AI score0.0054EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Joomla com_fabrik 路径遍历漏洞

Joomla comfabrik is an extension developed by the Fabrik team, designed for building data forms, database applications, and business processes for Joomla websites. Version 3.9.11 of Joomla comfabrik contains a path traversal vulnerability. This vulnerability stems from directory traversal issues,...

8.7CVSS5.9AI score0.00716EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Deciso OPNsense 参数注入漏洞

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.7 contained a parameter injection vulnerability. This vulnerability stemmed from the XMLRPC method opnsense.restoreconfigsection, which failed to clean up the...

9.1CVSS6.1AI score0.00686EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40620

Joomla com fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax files method with path traversal sequences to enumerate files in system directori...

8.7CVSS5.9AI score0.00716EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40594

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'get content' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40600

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin ProfileGrid SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Flight 跨站脚本漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Flight::jsonp, which directly connected the “?jsonp=” query parameter to the application/javascript response body. No...

8.6CVSS5.7AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

qihang-wms SQL注入漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. Qihang-WMS has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysDeptMapper.xml file. It may allow...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

WordPress plugin Charitable SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40580

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the get course id by function unconditionally trusting the user-supplied course GET parameter as the authoritative cour...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References53
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40625

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.5 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References3
Rows per page
Query Builder