Lucene search
K

105410 matches found

Cvelist
Cvelist
added 2026/05/13 12:0 a.m.34 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

0.00183EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40604

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40616

WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP...

6.8CVSS6AI score0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

6AI score0.00183EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin Avada Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

CubeCart SQL注入漏洞

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a SQL injection vulnerability. This vulnerability occurred because the administrator’s order transaction list page constructed the original ORDER BY SQL fragment from the $GETsort array,...

4.9CVSS5.9AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00281EPSS
Exploits0References8
CVE
CVE
added 2026/05/13 12:0 a.m.16 views

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

HDWPlayer Joomla com_hdwplayer SQL注入漏洞

HDWPlayer Joomla comhdwplayer is a Joomla video player component developed by HDWPlayer Inc. Version 4.2 of HDWPlayer Joomla comhdwplayer contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue in the search.php file. It may allow unauthenticated attackers to...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.7 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

6AI score0.00183EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.37 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.11 views

CVE-2026-37428

The CVE-2026-37428 entry concerns qihang-wms with a SQL injection via the datascope parameter in SysDeptMapper.xml. The root cause is a vulnerable query construction in that mapper; impact per sources is potential exposure of sensitive data, including users’ PII. The connected documents confirm t...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.6 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40610

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Joomsky Joomla J2 JOBS SQL注入漏洞

Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Corporation. Version 1.3.0 of Joomsky Joomla J2 JOBS contains an SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Deciso OPNsense 参数注入漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Versions of Decivo OPNsense prior to 26.1.8 had a parameter injection vulnerability. This vulnerability stemmed from uncleaned user input being passed into DHCP...

9.1CVSS6.2AI score0.00531EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

JupyterLab 参数注入漏洞

JupyterLab is an open-source extension for interactive and reproducible computing environments, based on Jupyter Notebooks and their architecture. Versions 4.0.0 to 4.5.6 of JupyterLab contain a parameter injection vulnerability. This vulnerability arises from improper execution of the allowlist...

8.8CVSS5.9AI score0.0053EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

qihang-wms SQL注入漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. The Qihang-WMS version 75c15a has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysUserMapper.xml file...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40620

Joomla com fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax files method with path traversal sequences to enumerate files in system directori...

8.7CVSS5.9AI score0.00716EPSS
Exploits0References5
Rows per page
Query Builder