Lucene search
K

196 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.16 views

Moodle 4.5.x < 4.5.2 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.16 or 4.3.x prior to 4.3.10 or 4.4.x prior to 4.4.6 or 4.5.x prior to 4.5.2. It is, therefore, affected by multiple vulnerabilities. - An SQL injection risk was identified in the module list filte...

10CVSS7AI score0.00749EPSS
Exploits1References30
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.12 views

Moodle 4.1.x < 4.1.16 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.16 or 4.3.x prior to 4.3.10 or 4.4.x prior to 4.4.6 or 4.5.x prior to 4.5.2. It is, therefore, affected by multiple vulnerabilities. - An SQL injection risk was identified in the module list filte...

10CVSS7AI score0.00749EPSS
Exploits1References28
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.12 views

Moodle 4.0.x < 4.0.9 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.22, 3.11.x prior to 3.11.15, 4.0.x prior to 4.0.9 or 4.1.x prior to 4.1.4. It is, therefore, affected by multiple vulnerabilities. - An issue in the logic used to check 0.0.0.0 against the cURL...

7.5CVSS8.4AI score0.00825EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.7 views

PT-2025-15383 · WordPress · 3Dprint Lite

Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied printer text parameter and lack of sufficient preparation on the existing SQL query, making...

4.9CVSS6.4AI score0.00386EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.5 views

PT-2025-15380 · WordPress · 3Dprint Lite

Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied infill text parameter and lack of sufficient preparation on the existing SQL query, making ...

4.9CVSS9.7AI score0.00379EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.7 views

PT-2025-15445 · Unknown +1 · Crud-Query-Parser +1

Name of the Vulnerable Software and Affected Versions: crud-query-parser versions prior to 0.1.0 Description: The crud-query-parser library is affected by an issue where improper neutralization of the order/sort parameter in the TypeORM adapter allows SQL injection. This issue impacts users who a...

9.3CVSS7.2AI score0.0034EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2025/04/07 12:0 a.m.10 views

3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'

Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'materialtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

4.9CVSS7.5AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/04 9:40 a.m.10 views

CVE-2024-12410

The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

4.9CVSS7.9AI score0.00424EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 2:6 p.m.7 views

BIT-DOLIBARR-2022-4093 SQL Injection in dolibarr/dolibarr

SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In...

9.8CVSS9AI score0.03954EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.6 views

CVE-2025-25686

semcms =5.0 is vulnerable to SQL Injection in SEMCMSFuction.php...

8.3AI score0.00475EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/24 1:19 p.m.25 views

CVE-2025-2186

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...

7.5CVSS7.9AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2025/03/22 1:15 p.m.16 views

CVE-2025-2186

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...

7.5CVSS0.0042EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/21 11:27 a.m.8 views

CVE-2025-2511

The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.3AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/17 12:0 a.m.9 views

PT-2025-11549 · Unknown · Code-Projects Online Class/Exam Scheduling System

Name of the Vulnerable Software and Affected Versions: code-projects Online Class and Exam Scheduling System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /pages/activate.php. The manipulation of the id argument leads to SQL injection...

7.2CVSS5.2AI score0.00458EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/03/16 8:18 a.m.11 views

CVE-2024-13321

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...

9.8CVSS7.8AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2025/03/13 1:45 a.m.59 views

CVE-2025-2106

CVE-2025-2106 : Technical details from connected sources confirm an unauthenticated SQL Injection in the WordPress plugin ArielBrailovsky-ViralAd, affecting all versions up to 1.0.8. The vulnerability arises from insufficient escaping of user-supplied input in the limpia() function, enabling an a...

7.5CVSS7.7AI score0.0042EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/11 10:47 a.m.25 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-11187 DESCRIPTION: It is possible to construct a zone such that some queries ...

9.8CVSS9.5AI score0.89914EPSS
Exploits17Affected Software1
CVE
CVE
added 2025/03/07 8:21 a.m.47 views

CVE-2024-12609

CVE-2024-12609 affects the WordPress plugin School Management System for Wordpress (

6.5CVSS7.5AI score0.00359EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/03/07 7:15 a.m.13 views

CVE-2024-13320

The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wcfilterpricemetawhere' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

7.5CVSS0.00373EPSS
Exploits0References2
Amazon
Amazon
added 2025/03/06 12:0 a.m.8 views

Important: postgresql16

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

8.1CVSS8.8AI score0.89914EPSS
Exploits10
Rows per page
Query Builder