Lucene search
K

2812 matches found

Nuclei
Nuclei
added 19 hours ago84 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-41822

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7CVSS6.2AI score0.00437EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-41786

A vulnerability was found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /payment.php. The manipulation of the argument patientid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-14764 code-projects Hotel and Tourism Reservation Event Management add_event.php sql injection

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS0.00269EPSS
Exploits0References6
NVD
NVD
added 2 days ago5 views

CVE-2026-14754

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14731 itsourcecode Hospital Management System patientreport.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 3 days ago12 views

CVE-2026-14653

SourceCodester Simple and Nice Shopping Cart Script 1.0 contains an SQL injection in /admin/mensproductdeletequery.php exposed by manipulating the user_id argument. The vulnerability is remotely exploitable (attack vector: NETWORK) with LOW to MEDIUM impacts per CVSS data: Confidentiality, Integr...

7.5CVSS6.8AI score0.00412EPSS
Exploits0References6
NVD
NVD
added 3 days ago5 views

CVE-2026-14641

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS0.00416EPSS
Exploits0References7
CVE
CVE
added 3 days ago11 views

CVE-2026-14640

CVE-2026-14640 describes a SQL injection in CodeAstro Apartment Visitor Management System 1.0. The vulnerability is in the Login component, specifically an unknown function in /index.php, where manipulating the Username argument can lead to remote exploitation. The exploit is publicly available a...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41399

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41102

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-34105

CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:0 a.m.8 views

EUVD-2026-40263

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53759

Summary The checkUserPassword GraphQL query in Dgraph is vulnerable to DQL Dgraph Query Language injection. User-supplied password values are interpolated directly into a DQL checkpwd query via fmt.Sprintf without any escaping or parameterization. An attacker can inject a password containing a...

7.5CVSS6.2AI score
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56067

Unauthenticated SQL Injection in JetSmartFilters = 3.8.3 versions...

9.3CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.30 views

CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

Contributor SQL Injection in WP Post Author = 3.9.1 versions...

8.5CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57631

CVE-2026-57631 affects the WordPress Popup box plugin (versions

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/25 2:9 p.m.5 views

WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad in WordPress Plugin JetEngine versions = 3.8.10.2...

9.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:17 p.m.32 views

CVE-2026-54836 WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS0.00229EPSS
Exploits0References1
Rows per page
Query Builder