Lucene search
K

216708 matches found

Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30497

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng profile id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng profile id parameter to extract sensitive database...

8.8CVSS6AI score0.00311EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.3 views

PT-2026-30501

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id to delete parameter. Attackers can send crafted requests with malicious SQL statements in the id to delete field to extract or modify sensitive...

8.8CVSS6AI score0.00311EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.6 views

PT-2026-30422

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible...

6.5CVSS5.7AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.7 views

PT-2026-30472

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...

7.1CVSS6AI score0.00342EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...

9.1CVSS5.8AI score0.00311EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.10 views

PT-2026-30478

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search by extrafields parameter. Attackers can send POST requests to the users endpoint with malicious search by extrafields values to trigger SQL syntax errors...

8.8CVSS6.1AI score0.00311EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.8 views

PT-2026-30471

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched searches.php endpoint with crafted SQL payloads to extract...

8.8CVSS6.2AI score0.00422EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Versions of the PHPGurukul Online Shopping Portal Project 2.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ...

6.5CVSS6.7AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30430

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the...

6.5CVSS6.4AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30415

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.6 views

PT-2026-30408

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

6.5CVSS5.6AI score0.00246EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “pid” in the...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30505

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

6.5CVSS5.7AI score0.00196EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/04 10:54 p.m.5 views

CVE-2026-27885

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including...

7.2CVSS5.8AI score0.00364EPSS
Exploits1References1
Veracode
Veracode
added 2026/04/04 5:32 a.m.6 views

SQL Injection

alerta-server is vulnerable to SQL Injection. The vulnerability is due to direct interpolation of user-supplied query parameters into SQL statements without sanitization, which allows an attacker to inject and execute arbitrary SQL queries...

9.8CVSS6.1AI score0.00505EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/04/04 1:21 a.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

9.9CVSS6.2AI score0.00656EPSS
Exploits2References2
NVD
NVD
added 2026/04/03 11:17 p.m.3 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS0.00656EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.3 views

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8CVSS6.8AI score0.00333EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:49 p.m.2 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:39 p.m.1 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder