Lucene search
K

105389 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

6AI score0.00183EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin Avada Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

CubeCart SQL注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a SQL injection vulnerability. This vulnerability occurred because the administrator’s order transaction list page constructed the original ORDER BY SQL fragment from the $GETsort array,...

4.9CVSS5.9AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/05/13 12:0 a.m.16 views

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

HDWPlayer Joomla com_hdwplayer SQL注入漏洞

HDWPlayer Joomla comhdwplayer is a Joomla video player component developed by HDWPlayer Inc. Version 4.2 of HDWPlayer Joomla comhdwplayer contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue in the search.php file. It may allow unauthenticated attackers to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.7 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

6AI score0.00183EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.37 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.11 views

CVE-2026-37428

The CVE-2026-37428 entry concerns qihang-wms with a SQL injection via the datascope parameter in SysDeptMapper.xml. The root cause is a vulnerable query construction in that mapper; impact per sources is potential exposure of sensitive data, including users’ PII. The connected documents confirm t...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.6 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40610

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Flight 跨站脚本漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Flight::jsonp, which directly connected the “?jsonp=” query parameter to the application/javascript response body. No...

8.6CVSS5.7AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

qihang-wms SQL注入漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. Qihang-WMS has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysDeptMapper.xml file. It may allow...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

WordPress plugin Charitable SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40580

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the get course id by function unconditionally trusting the user-supplied course GET parameter as the authoritative cour...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References53
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Deciso OPNsense 参数注入漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.8 had a parameter injection vulnerability. This vulnerability stemmed from uncleaned user input being passed into DHCP...

9.1CVSS6.2AI score0.00531EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

JupyterLab 参数注入漏洞

JupyterLab is an open-source extension for interactive and reproducible computing environments, based on Jupyter Notebooks and their architecture. Versions 4.0.0 to 4.5.6 of JupyterLab contain a parameter injection vulnerability. This vulnerability arises from improper execution of the allowlist...

8.8CVSS5.9AI score0.0053EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

qihang-wms SQL注入漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. The Qihang-WMS version 75c15a has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysUserMapper.xml file...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 11:16 p.m.22 views

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

6.5CVSS0.00133EPSS
Exploits1References1
Rows per page
Query Builder