Lucene search
K

26046 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.7 views

CVE-2018-25415

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25415

AiOPMSD Final 1.0.0 is affected by an SQL injection via the director parameter. An unauthenticated attacker can send crafted SQL payloads to director.php (GET) to extract sensitive data such as usernames, database names, and version details. CVSS metrics: v3.1 base score 8.2 (HIGH) with Network v...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 2:55 p.m.18 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/30 2:55 p.m.30 views

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/30 2:55 p.m.9 views

EUVD-2018-21933

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 2026/05/30 10:16 a.m.21 views

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS0.00344EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/30 9:28 a.m.9 views

CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/30 9:28 a.m.44 views

CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS0.00344EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:28 a.m.9 views

CVE-2026-9757

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References9
CVE
CVE
added 2026/05/30 6:0 a.m.20 views

CVE-2026-10110

The CVE-2026-10110 affects code-projects’ Student Details Management System 1.0. The vulnerability resides in an unknown function of /index.php, where manipulation of the roll argument enables SQL injection. Exploitation is possible remotely and a public exploit reportedly exists. Metrics indicat...

7.5CVSS5.7AI score0.00313EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/30 4:51 a.m.117 views

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...

9.8CVSS6.1AI score0.84518EPSS
Exploits7
SUSE CVE
SUSE CVE
added 2026/05/30 2:6 a.m.14 views

SUSE CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

7.5CVSS5.8AI score0.00842EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

MGB OpenSource Guestbook SQL注入漏洞

MGB OpenSource Guestbook is an open-source web-based message board system developed by MGB OpenSource. Version 0.7.0.2 of MGB OpenSource Guestbook has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.13 views

PT-2026-45120

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.8 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the q parameter, which may allow unauthenticated attackers to execute arbitrary SQ...

8.8CVSS6.2AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.15 views

PT-2026-45090

Name of the Vulnerable Software and Affected Versions GEO my WP versions prior to 4.5.6 Description The plugin is subject to SQL Injection, allowing unauthenticated attackers to append additional SQL queries to extract sensitive information from the database. The issue occurs because the swlatlng...

7.5CVSS5.6AI score0.00344EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

Student-Management-System SQL注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of Student-Management-System has a SQL injection vulnerability; this vulnerability stems from the email parameter on the login page, which may lead to remote attacks...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.11 views

PT-2026-45141

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts report search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument...

5.8CVSS5.7AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.10 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the quality parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder