Lucene search
K

652 matches found

CVE
CVE
added 2026/01/18 1:2 p.m.19 views

CVE-2026-1120

CVE-2026-1120 affects Yonyou KSOA 9.0. The vulnerable element is the HTTP GET Parameter Handler in /worksheet/del_work.jsp; manipulating the ID parameter yields SQL injection. The issue is remotely exploitable and the exploit has been publicly disclosed. Vendors were contacted early but did not r...

9.8CVSS6.6AI score0.00448EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/18 11:15 a.m.6 views

CVE-2026-1118

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

9.8CVSS5.8AI score0.00323EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/17 6:2 p.m.4 views

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/12 12:2 a.m.31 views

CVE-2026-0852 code-projects Online Music Site AdminUpdateUser.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...

7.5CVSS0.00326EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.8 views

CVE-1999-0734

A default configuration of CiscoSecure Access Control Server ACS allows remote users to modify the server database without authentication...

7.5CVSS7AI score0.01418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 1:13 p.m.16 views

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch t...

6.5CVSS7.2AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 1:32 p.m.23 views

CVE-2026-0592

CVE-2026-0592 affects code-projects Online Product Reservation System 1.0, specifically the User Registration Handler’s register_code.php. The vulnerability is a SQL injection caused by manipulating input fields (fname, lname, address, city, province, country, zip, tel_no, email, username) in the...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/01/05 10:2 a.m.15 views

CVE-2026-0585

The CVE-2026-0585 entry concerns code-projects Online Product Reservation System 1.0. It identifies a vulnerability in the GET Parameter Handler, specifically manipulating the transaction_id argument in /order_view.php to trigger SQL injection. The flaw is exploitable remotely and has publicly di...

9.8CVSS7.3AI score0.00379EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/04 11:32 p.m.4 views

CVE-2025-15447

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The research...

7.2AI score0.00035EPSS
Exploits0References4
CVE
CVE
added 2026/01/02 1:2 a.m.15 views

CVE-2025-15421

CVE-2025-15421 affects Yonyou KSOA 9.0. The flaw is in the HTTP GET Parameter Handler, specifically the manipulation of the parameter ID in the file /worksheet/agent_worksadd.jsp, leading to SQL injection. The vulnerability is remotely exploitable and the exploit is public. Multiple sources confi...

9.8CVSS7.4AI score0.00384EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/01 7:15 p.m.4 views

CVE-2025-15409

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

9.8CVSS0.0038EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/31 12:2 a.m.10 views

CVE-2025-15210

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationalitynid leads to sql injection. The attack may be launched remotely. Th...

9.8CVSS7.2AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2025/12/30 10:2 a.m.10 views

CVE-2025-15243

CVE-2025-15243 affects Simple Stock System 1.0 via /market/login.php where manipulating the Username parameter enables SQL injection. Remote exploitation is possible and exploits have been published. Multiple sources describe the vulnerability and its potential impact on confidentiality, integrit...

9.8CVSS7.2AI score0.00412EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/12/29 11:2 p.m.13 views

CVE-2025-15209

CVE-2025-15209 affects code-projects Refugee Food Management System 1.0, specifically the /home/editfood.php handling of the a/b/c/d argument. The issue is a SQL injection caused by manipulating these parameters, with remote exploitation and a publicly available exploit. Multiple connected source...

9.8CVSS6.4AI score0.00309EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/12/29 11:15 a.m.2 views

CVE-2025-15184

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS5.7AI score0.00315EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.10 views

PT-2025-53713

Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0 Description A flaw exists in Refugee Food Management System version 1.0 that allows for remote SQL injection. The issue is located in the file /home/addusers.php. Manipulation of the a argument can le...

9.8CVSS7AI score0.00326EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/26 3:22 a.m.12 views

CVE-2025-15075

A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /studentp.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the...

9.8CVSS7.1AI score0.00389EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/25 12:0 a.m.5 views

PT-2025-53388

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System 1.0 that allows for remote SQL injection. The issue is located in the file /list report.php and involves manipulation of the...

9.8CVSS7.1AI score0.0033EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/12/22 3:23 a.m.4 views

CVE-2025-14990

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...

9.8CVSS7.2AI score0.00326EPSS
Exploits1References1
OSV
OSV
added 2025/12/22 12:15 a.m.6 views

CVE-2025-15003

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file adminvideo.php. Performing a manipulation of the argument eid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

7.2CVSS5.7AI score0.00313EPSS
Exploits1References4
Rows per page
Query Builder