Lucene search
+L

2941 matches found

EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-45392

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /prescriptionrecord.php. This manipulation of the argument delid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

6.5CVSS5.4AI score
Exploits0References6
Cvelist
Cvelist
added 9 hours ago10 views

CVE-2024-58362 SurrealDB before 1.5.5 Query Injection via RPC API

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago15 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7.8AI score0.02386EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS7AI score0.017EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago41 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS5.6AI score0.01317EPSS
Exploits0References2
CVE
CVE
added yesterday22 views

CVE-2026-44739

CVE-2026-44739 (Pimcore) : SQL injection in the columnConfigAction flow of CustomReportsBundle enables an attacker with the reports_config permission to inject and execute arbitrary SELECT/UNION queries and leverage error-based exfiltration. Affected versions are prior to 11.5.17 (LTS) and 12.3.6...

8.7CVSS5.8AI score0.00027EPSS
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-9586

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14782 Booking for Appointments and Events Calendar – Amelia <= 2.4.3 - Authenticated (Custom+) SQL Injection via Customer Import

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

4.9CVSS0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS0.00249EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-45535

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...

8.7CVSS0.00248EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-57832

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-57831

CVE-2026-57831 describes an unauthenticated SQL injection in the Joomla extension DP Calendar (digital-peak.com) versions 8.18.0 through 10.11.2. The entry lists a high CVSS score (8.7) with network attack vector and no user interaction, indicating a potentially severe impact to confidentiality. ...

8.7CVSS6.1AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 3 days ago14 views

CVE-2026-15804

The CVE-2026-15804 entry concerns MetaGuru’s HCM Product with a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands through specific parameters, compromising database confidentiality, integrity, and availability. The connected records confirm affected component as ...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-11851

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score0.00314EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago14 views

Security Updates for Microsoft SQL Server (July 2026)

The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over...

8.8CVSS6.2AI score0.01287EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-58770

Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL...

7.2CVSS6.5AI score0.19924EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-61955

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...

7.6CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-59515

CVE-2026-59515 affects the WordPress AIWU plugin (ai-copilot-content-generator) and is due to an improper neutralization of special elements in SQL commands , enabling Blind SQL Injection . Affected versions are WordPress AIWU plugin ≤ 1.5.4. The CVSS‑3.1 base score is 9.3 (CRITICAL) with network...

9.3CVSS6.1AI score0.0025EPSS
Exploits0References1
Rows per page
Query Builder