Lucene search
+L

1311 matches found

Nuclei
Nuclei
added 18 hours ago83 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS8.6AI score0.36114EPSS
Exploits1References5
CVE
CVE
added yesterday13 views

CVE-2026-44969

dbt-mcp: CVE-2026-44969 involves logging of complete tool call arguments (including sql_query, vars, and node_selection) in plaintext when DBT_MCP_SERVER_FILE_LOGGING is enabled. The issue is present in earlier versions (e.g., v1.15.x) and fixed in v1.17.1. Connected sources confirm that argument...

2.5CVSS6.1AI score0.00012EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday36 views

CVE-2026-44969 dbt-mcp: Tool Arguments Including SQL Queries and Credentials Logged in Plaintext Without Redaction When File Logging Is Enabled

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.calltool in src/dbtmcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, and configurefilelogging wrote those records to dbt-mcp.log...

2.5CVSS0.00012EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 5:16 a.m.8 views

CVE-2026-15293

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS0.00348EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:31 a.m.7 views

CVE-2026-15293

The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8CVSS6.3AI score0.00348EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 6:18 p.m.1 views

SUSE-SU-2026:2824-1 Security update for alloy

This update for alloy fixes the following issues - CVE-2026-10722: github.com/cilium/ebpf: BTF string offset boundary check can lead to crash when parsing malformed ELF/BTF input bsc1267811. - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html:...

10CVSS6.8AI score0.00533EPSS
Exploits6References39
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52144

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...

8.8CVSS6.3AI score0.00689EPSS
Exploits0References7
CVE
CVE
added 2026/06/19 4:28 p.m.22 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.32 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untruste...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/09 11:16 p.m.10 views

PYSEC-2026-210

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

ThemeRig Listing Hub CMS SQL注入漏洞

ThemeRig Listing Hub CMS is a classification catalog and information publishing management system developed by ThemeRig Corporation. Version 1.0 of ThemeRig Listing Hub CMS contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter,...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 9:0 p.m.19 views

CVE-2018-25433

Technical details for CVE-2018-25433 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.1AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Paroiciel SQL注入漏洞

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the zProIdPro parameter, which allows for SQL injections. This could enable authenticated attackers to...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
NVD
NVD
added 2026/05/19 2:16 p.m.12 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS0.00598EPSS
Exploits2References4
EUVD
EUVD
added 2026/05/19 12:59 p.m.11 views

EUVD-2026-30927

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7CVSS6AI score0.00598EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/05/19 12:59 p.m.11 views

CVE-2026-42096 Broken Access Control in Sparx Pro Cloud Server

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7CVSS6AI score0.00598EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:59 p.m.8 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7CVSS6AI score0.00598EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-42042

Name of the Vulnerable Software and Affected Versions SQLFluff versions prior to 4.1.0 Description In deployments where untrusted users can provide SQL queries to be linted, a malicious user can submit a query with excessive nesting. This triggers a Denial of Service through resource exhaustion i...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References6
Rows per page
Query Builder