Lucene search
+L

54 matches found

NVD
NVD
added 2026/07/04 10:16 p.m.10 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/04 9:45 p.m.47 views

CVE-2026-14657 code-projects Assessment Management Database Query marking-scheme.php sql injection

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS0.00319EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/04 9:45 p.m.10 views

CVE-2026-14657

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions causes sql injection. The attack can be initiated remotely. T...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.15 views

PT-2026-55737

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An SQL injection flaw exists in the Database Query Handler component due to improper processing of the /lecturer/marking-scheme.php endpoint. A remote attacker can exploit this by...

6.5CVSS6.7AI score0.00319EPSS
Exploits0References9
OSV
OSV
added 2026/06/26 8:43 a.m.6 views

BIT-GRAFANA-2026-42127 Pre-authentication denial of service in the public dashboard query endpoint

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.14 views

CVE-2026-9583

A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

wvp-GB28181-pro SQL注入漏洞

WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.8 views

PT-2026-27208

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

6.5CVSS5.5AI score0.00192EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.11 views

CVE-2026-2663

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...

6.5CVSS5.4AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 7:32 p.m.5 views

CVE-2026-2663 Alixhan xh-admin-backend Database Query query sql injection

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...

6.5CVSS5.4AI score0.00233EPSS
Exploits0References3
CVE
CVE
added 2026/02/18 7:32 p.m.15 views

CVE-2026-2663

Summary: CVE-2026-2663 affects Alixhan xh-admin-backend v1.0–1.7.0 (unknown exact initial versions) due to vulnerable handling in the Database Query Handler for the endpoint /frontend-api/system-service/api/system/role/query, where argument manipulation enables SQL injection. This reportedly allo...

6.5CVSS5.4AI score0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/19 8:2 p.m.5 views

CVE-2025-11944 givanz Vvveb Raw SQL import.php import sql injection

A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

5.8CVSS7.3AI score0.00536EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/10/19 12:0 a.m.7 views

Vvveb SQL注入漏洞

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A SQL injection vulnerability exists in Vvveb 1.0.7.3 and earlier versions, which stems from a SQL injection vulnerability in the Import function of the Raw SQL Handler...

7.2CVSS5.7AI score0.00536EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12569

Malicious code in bioql PyPI...

5.1CVSS4.6AI score0.0028EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-44398

Malicious code in bioql PyPI...

7.5CVSS5AI score0.00519EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-4011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom...

5.1CVSS4.4AI score0.0028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.8 views

CVE-2023-27309

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions...

8.8CVSS6.6AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/30 8:37 a.m.16 views

CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS6.3AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 9:15 a.m.1 views

DEBIAN-CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

5.1CVSS3.1AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 9:15 a.m.6 views

CVE-2025-4011

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to...

3.5CVSS6.3AI score
Exploits0References6
Rows per page
Query Builder