Lucene search
K

216708 matches found

Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.8 views

PT-2026-30484

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

8.8CVSS6.2AI score0.00465EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.7 views

MAC-SQL SQL注入漏洞

MAC-SQL is a multi-agent collaborative text-to-SQL framework developed by Bing’s individual developers. MAC-SQL has a SQL injection vulnerability, which stems from operations on parameters in the file core/agents.py, and could lead to SQL injection attacks...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.6 views

PT-2026-30428

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

6.5CVSS6.3AI score0.00255EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Version 7.10.7 of SuiteCRM has a SQL injection vulnerability. This vulnerability stems from the record parameter in the DetailView operation of the Users module, which involves time-based SQL injections. This...

7.1CVSS5.9AI score0.00342EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

CodeAstro Online Classroom SQL注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter deleteid in files like OnlineClassroom/addassessment.php, which...

6.5CVSS6.7AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.10 views

PT-2026-30450

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

6.5CVSS5.7AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30453

Name of the Vulnerable Software and Affected Versions zongyu09 openchatbi versions up to 0.2.1 Description A flaw exists in the Multi-stage Text2SQL Workflow component of zhongyu09 openchatbi. Manipulation of the keywords argument can result in SQL injection. This issue can be exploited remotely...

6.5CVSS6.5AI score0.00256EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.4 views

PT-2026-30435

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launche...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

Frostmourne SQL注入漏洞

Frostmourne is a multi-data source monitoring and alerting system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contain SQL injection vulnerabilities, which stem from the SQL injection vulnerability in the httpTest function located in the...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

8.6CVSS6.7AI score0.00376EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.8 views

PT-2026-30412

A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

Montala ResourceSpace SQL注入漏洞

Montala ResourceSpace is an open-source digital asset management tool developed by Montala Company in the UK. It enables users to organize their digital assets. Version 8.6 of Montala ResourceSpace contains a SQL injection vulnerability. This vulnerability stems from the ref parameter being...

8.8CVSS6.1AI score0.00422EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

itsourcecode Online Enrollment System SQL注入漏洞

itsourcecode Online Enrollment System is an open-source online registration system developed by itsourcecode. Version 1.0 of the itsourcecode Online Enrollment System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the USERID parameter in the...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.6 views

PT-2026-30425

A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql injection. The attack...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of the code-projects Simple Laundry System contains a SQL...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.3 views

PT-2026-30447

A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Version 7.10.7 of SuiteCRM has a SQL injection vulnerability. This vulnerability stems from the parentTab parameter, which allows for SQL injections. It is possible for authenticated attackers to manipulate...

7.1CVSS5.8AI score0.00342EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.12 views

PHPGurukul User Registration & Login and User Management System SQL注入漏洞

PHPGurukul User Registration & Login and User Management System is a user registration, login, and management system developed by PHPGurukul Corporation. Version 3.3 of the PHPGurukul User Registration & Login and User Management System has a SQL injection vulnerability. This vulnerability arises...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30421

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be launched remotel...

7.5CVSS5.8AI score0.00259EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30499

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...

8.8CVSS6AI score0.00398EPSS
Exploits1References5
Rows per page
Query Builder