Lucene search
K

8425 matches found

CVE
CVE
added 2026/07/04 6:15 p.m.20 views

CVE-2026-14640

CVE-2026-14640 describes a SQL injection in CodeAstro Apartment Visitor Management System 1.0. The vulnerability is in the Login component, specifically an unknown function in /index.php, where manipulating the Username argument can lead to remote exploitation. The exploit is publicly available a...

7.5CVSS6.8AI score0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.17 views

PT-2026-55724

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course.php endpoint where manipulation of the ID variable allows for remote SQL injection. SQL injection is a technique where malicious SQL...

7.5CVSS7.1AI score0.00416EPSS
Exploits0References11
NVD
NVD
added 2026/07/03 10:16 a.m.10 views

CVE-2026-4321

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 8:54 a.m.33 views

CVE-2026-4321 SQLi in Raera's Destekz

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the produ...

9.8CVSS0.00266EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/03 12:56 a.m.7 views

[SECURITY] Fedora 44 Update: mysql8.4-8.4.10-1.fc44

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

7.5CVSS5.8AI score0.00471EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55520

Name of the Vulnerable Software and Affected Versions Destekz versions through 02062026 Description An SQL injection issue exists where user input is passed into database queries without proper sanitization. This allows a remote, unauthenticated attacker to inject arbitrary SQL commands over the...

9.8CVSS6.1AI score0.00266EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

IBM App Connect Enterprise 12.0.1.x < 12.0.12.27 / 13.0.1.x < 13.0.8.0 SQL Injection (7278350)

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. Note that Nessus has not tested for this issue but has instead relied...

5.5CVSS6AI score0.00183EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 5:5 p.m.22 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...

8.7CVSS6.2AI score0.00564EPSS
In wildExploits0References4
NVD
NVD
added 2026/07/02 3:17 p.m.8 views

CVE-2026-56841

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.10 views

CVE-2026-50747

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...

9.9CVSS0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 2:50 p.m.12 views

EUVD-2026-41399

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:49 p.m.12 views

CVE-2026-50747

The CVE-2026-50747 entry concerns the UniFi Talk Application. It describes an authenticated SQL Injection vulnerability that could be leveraged by an attacker with network access and low privileges to escalate privileges on the host device. The issue is characterized as high-severity (CVSS v3.1 b...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41296

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55232

Name of the Vulnerable Software and Affected Versions UniFi Talk Application affected versions not specified Description An authenticated user with low privileges and network access can exploit SQL Injection flaws to escalate privileges on the host device. SQL Injection is a technique where...

9.9CVSS6AI score0.00274EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 5:30 p.m.9 views

EUVD-2026-41102

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-34105

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translatetext.php line 15: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:15 p.m.18 views

CVE-2026-34105

CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:13 p.m.8 views

CVE-2026-34104

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 8:17 p.m.7 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

9.9CVSS0.00283EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:21 p.m.7 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS6.1AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder