Lucene search
+L

196 matches found

OSV
OSV
added 2025/08/07 8:59 a.m.9 views

BIT-MOODLE-2025-26533 SQL injection risk in course search module list filter

An SQL injection risk was identified in the module list filter within course search...

9.8CVSS8.3AI score0.00435EPSS
Exploits0References3
OSV
OSV
added 2025/08/06 5:49 a.m.5 views

BIT-MOODLE-2024-43436 Moodle: site administration sql injection via xmldb editor

A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators...

7.2CVSS7.1AI score0.00646EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.10 views

Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1113)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1113 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...

7.5CVSS6.9AI score0.00953EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.11 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1088)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1088 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...

7.5CVSS6.9AI score0.00953EPSS
Exploits2References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/21 1:52 p.m.16 views

Security Bulletin: Multiple Vulnerabilities Affected for EDB

Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

8.8CVSS8.3AI score0.89914EPSS
Exploits10Affected Software2
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-28393 · Sinec Nms · Sinec Nms

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified that makes the affected devices vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server...

9CVSS8AI score0.0046EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.6 views

PT-2025-28219 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile funcionario.php endpoint is vulnerable due to the id funcionario parameter not being...

9.8CVSS7AI score0.00488EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/06/22 12:0 a.m.6 views

PT-2025-26557 · Unknown · Simple Pizza Ordering System

Name of the Vulnerable Software and Affected Versions: Simple Pizza Ordering System version 1.0 Description: A critical issue has been found in the Simple Pizza Ordering System. This issue affects the /salesreport.php file and is related to the manipulation of the dayfrom argument, leading to SQL...

9.8CVSS7.5AI score0.00394EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.7 views

PT-2025-24441 · Code Projects · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System versions up to 1.0 Description: A critical issue affects the processing of the file /user/confirm password.php. The manipulation of the cid argument leads to SQL injection. The attack can be initiated remotely...

9.8CVSS6.9AI score0.00408EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.6 views

PT-2025-24031 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to and including 1.0.0 Description: The issue allows authenticated attackers with Editor-level access or higher to inject additional SQL queries into existing ones, potentially extracting...

4.9CVSS6.9AI score0.00315EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.14 views

PT-2025-23594 · WordPress · Woocommerce Ultimate Gift Card

Name of the Vulnerable Software and Affected Versions: Ultimate Gift Cards for WooCommerce plugin for WordPress versions prior to 3.1.5 Description: The issue is related to boolean-based SQL Injection via the default price and product id parameters. This is due to insufficient escaping of...

4.9CVSS5.4AI score0.0032EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 8:5 a.m.7 views

CVE-2024-12170

The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries...

5.4CVSS7.1AI score0.00182EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.10 views

CVE-2023-5285

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

7.5CVSS7.5AI score0.00624EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.10 views

CVE-2022-4152

The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information...

6.5CVSS6.8AI score0.00854EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:2 a.m.7 views

CVE-2022-4355

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.3AI score0.00874EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:38 p.m.11 views

CVE-2022-4157

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...

4.9CVSS6.8AI score0.00883EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.15 views

CVE-2021-21929

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prodfilter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery...

7.7CVSS7.3AI score0.01144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.7 views

CVE-2021-24626

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST...

8.8CVSS7AI score0.00712EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.8 views

CVE-2021-24791

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...

7.2CVSS7.2AI score0.05124EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.8 views

CVE-2021-24625

The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category...

7.2CVSS7.5AI score0.01467EPSS
Exploits2References1
Rows per page
Query Builder