Lucene search
K

652 matches found

CVE
CVE
added 2026/03/24 10:22 p.m.7 views

CVE-2026-4779

CVE-2026-4779 affects SourceCodester Sales and Inventory System 1.0. The vulnerability arises from manipulating the HTTP GET parameter sid in update_customer_details.php, causing an SQL injection. It can be exploited remotely, and public PoCs/exploits are available according to the sources. Affec...

8.8CVSS6.5AI score0.00361EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/24 9:42 p.m.24 views

CVE-2026-4777 SourceCodester Sales and Inventory System POST Parameter view_supplier.php sql injection

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

6.5CVSS0.00245EPSS
Exploits1References5
NVD
NVD
added 2026/03/24 12:16 a.m.3 views

CVE-2026-4614

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

6.5CVSS0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/23 6:30 p.m.5 views

EUVD-2026-14475

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 4:18 a.m.33 views

CVE-2026-4572 SourceCodester Sales and Inventory System HTTP POST Request view_product.php sql injection

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /viewproduct.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack m...

6.5CVSS0.00245EPSS
Exploits1References5
NVD
NVD
added 2026/03/20 8:16 p.m.2 views

CVE-2026-4504

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

7.5CVSS0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 11:2 a.m.18 views

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25633

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might ...

7.5CVSS7AI score0.00446EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/03/11 3:50 p.m.6 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

7.2CVSS5.8AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/09 7:54 p.m.6 views

CVE-2026-3755

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /checkcustomerdetails.php of the component POST Handler. Executing a manipulation of the argument stockname1 can lead to sql injection. The attack can be launched remotely...

8.8CVSS5.8AI score0.00301EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/08 8:2 p.m.4 views

CVE-2026-3765 itsourcecode University Management System att_single_view.php sql injection

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS5.8AI score0.00323EPSS
Exploits1References5
OSV
OSV
added 2026/03/08 6:15 p.m.5 views

CVE-2026-3756

A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /checkitemdetails.php. The manipulation of the argument stockname1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

8.8CVSS5.7AI score0.00301EPSS
Exploits1References5
CVE
CVE
added 2026/03/08 5:32 p.m.11 views

CVE-2026-3755

CVE-2026-3755 affects SourceCodester Sales and Inventory System 1.0, specifically the POST Handler. The vulnerability is a SQL injection in the file /check_customer_details.php caused by manipulating the argument stock_name1 (also reported in variations like stock name1). It can be exploited remo...

8.8CVSS6.5AI score0.00301EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/08 5:2 p.m.4 views

CVE-2026-3752

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the...

5.8CVSS5.7AI score0.00313EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.6 views

PT-2026-23986

Name of the Vulnerable Software and Affected Versions EasyCMS versions prior to 1.7 Description A security flaw exists in EasyCMS that allows for remote SQL injection. The issue is located within the Request Parameter Handler component, specifically in the file /RbacuserAction.class.php...

8.8CVSS6.5AI score0.00276EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.5 views

CVE-2026-20002

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...

8.1CVSS6AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:26 a.m.7 views

CVE-2026-2912

A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument testid results in sql injection. It is possible to launch the attack remotely. Th...

9.8CVSS5.5AI score0.0033EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.8 views

PT-2026-21478

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/02/20 2:2 a.m.18 views

CVE-2026-2820

The vulnerability CVE-2026-2820 affects Fujian Smart Integrated Management Platform System (firmware/version up to 7.5). The issue lies in processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx where manipulating the DeviceIDS argument triggers an SQL injection. Attack vector i...

7.5CVSS5.5AI score0.00344EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 1:32 a.m.32 views

CVE-2026-2691 itsourcecode Event Management System manage_register.php sql injection

A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manageregister.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00416EPSS
Exploits1References5
Rows per page
Query Builder