
2876 matches found

EUVD
added 6 hours ago | 5 views

EUVD-2026-41774

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to SQL injection. The attack can be launched remotely. The...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 6

CVE
added 9 hours ago | 6 views

CVE-2026-14751

The vulnerability CVE-2026-14751 targets mjperpinosa stumasy via SQL injection in Notes_controller::search_scratch_data (file application/PHP/objects/notes/search_scratch_data.php). The exploit arises from manipulating the argument field_name, enabling remote execution of SQL. Public exploit is s...

CVSS: 6.5 | AI score: 6.4
Exploits: 0 | References: 6

EUVD
added 9 hours ago | 7 views

EUVD-2026-41756

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 6

CVE
added 11 hours ago | 10 views

CVE-2026-14745

Affected product: code-projects Real State Services 1.0. The vulnerability resides in the function handling the parameter in the file /single-list_rent.php, where manipulation of the ID argument leads to SQL injection. This can be exploited remotely; the exploit has been made publicly available. ...

CVSS: 7.5 | AI score: 6.9
Exploits: 0 | References: 6

EUVD
added 14 hours ago | 8 views

EUVD-2026-41739

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the...

CVSS: 6.5 | AI score: 6.6
Exploits: 0 | References: 6

Nuclei
added 19 hours ago | 53 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.017
Exploits: 1 | References: 5

Nuclei
added 19 hours ago | 38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

CVSS: 7.5 | AI score: 6 | EPSS: 0.01317
Exploits: 0 | References: 2

Nuclei
added 19 hours ago | 12 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02177
Exploits: 1 | References: 3

EUVD
added 21 hours ago | 7 views

EUVD-2026-41711

A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in SQL injection. The attack may be launched remotely. The...

CVSS: 6.5 | AI score: 6.5
Exploits: 0 | References: 6

EUVD
added yesterday | 6 views

EUVD-2026-41692

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function testinput of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to SQL injection. It is possible to...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 6

CVE
added yesterday | 8 views

CVE-2026-14638

Summary of CVE-2026-14638: A flaw exists in itsourcecode Hospital Management System 1.0, affecting an unknown function in the file /patient.php. Manipulation of the argument editid enables a possible SQL injection. The attack surface is described as remote, and the exploit has been publishe...

CVSS: 6.5 | AI score: 6.5
Exploits: 0 | References: 6

ATTACKERKB
added 3 days ago | 7 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

CVSS: 8.7 | AI score: 6.2 | EPSS: 0.00564
Exploits: 0 | References: 5

EUVD
added 3 days ago | 10 views

EUVD-2026-41390

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00239
Exploits: 0 | References: 1

EUVD
added 3 days ago | 6 views

EUVD-2026-41387

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00244
Exploits: 0 | References: 1

NVD
added 3 days ago | 6 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

CVSS: 8.5 | EPSS: 0.0022
Exploits: 0 | References: 1

EUVD
added 3 days ago | 6 views

EUVD-2026-41308

Contributor SQL Injection in iNET Webkit 1.2.4 versions...

CVSS: 8.5 | AI score: 5.8 | EPSS: 0.0029
Exploits: 0 | References: 1

NVD
added 3 days ago | 8 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

CVSS: 4.9 | EPSS: 0.00288
Exploits: 0 | References: 6

Positive Technologies
added 4 days ago | 5 views

PT-2026-54647

Name of the Vulnerable Software and Affected Versions: Mediawiki - Cargo Extension versions prior to 1.43.9; Mediawiki - Cargo Extension versions prior to 1.44.6; Mediawiki - Cargo Extension versions prior to 1.45.4. Description: Improper neutralization of special elements used in an SQL command leads...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00255
Exploits: 0 | References: 7

Cvelist
added 5 days ago | 30 views

CVE-2026-13766 DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

EPSS: 0.0035
Exploits: 0 | References: 2

OSV
added 6 days ago | 5 views

PYSEC-2026-439 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM. A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description: When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00915
Exploits: 2 | References: 7