Lucene search
+L

235839 matches found

CVE
CVE
added 1 hour ago8 views

CVE-2026-60137

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 1 hour ago4 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

5.9AI score
Exploits0References2
CVE
CVE
added 1 hour ago6 views

CVE-2026-63030

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

7.5CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-63030 WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the authornotin WPQuery SQL Injection CVE-2026-60137, could allow an attacker to perform SQL Injection and achieve Remote Code Execution...

Exploits0References2
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

Exploits0References2
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-44739 Pimcore: SQL Injection in Custom Reports Column Configuration

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...

8.7CVSS0.00027EPSS
Exploits0References4
CVE
CVE
added 2 hours ago5 views

CVE-2026-12283

CVE-2026-12283 affects Amazon Athena Query Federation's Synapse connector (aws-athena-query-federation) v2022.20.1–v2026.19.1. The issue is improper neutralization of elements in an SQL command within the Synapse connector, which could let an authenticated remote user execute injected read-only S...

6.8CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-12283 SQL injection in Amazon Athena Synapse connector

Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL...

6.8CVSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-12283 SQL injection in Amazon Athena Synapse connector

Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL...

6.8CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-8297 SQLi in GIS Informatics' GisLab Laboratory Management System

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: fr...

9.8CVSS
Exploits0References1
NVD
NVD
added 6 hours ago5 views

CVE-2025-60357

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint...

8.1CVSS
Exploits1References2
Cvelist
Cvelist
added 8 hours ago10 views

CVE-2026-16014 code-projects Hospital Bed Management System Login Form sql injection

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS
Exploits0References6
EUVD
EUVD
added 8 hours ago6 views

EUVD-2026-45167

A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and...

7.5CVSS7.1AI score
Exploits0References6
NVD
NVD
added 8 hours ago7 views

CVE-2026-16009

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS
Exploits0References6
Vulnrichment
Vulnrichment
added 9 hours ago4 views

CVE-2026-16009 itsourcecode Hospital Management System prescriptionorderdetail.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score
Exploits0References6
EUVD
EUVD
added 9 hours ago6 views

EUVD-2026-45162

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score
Exploits0References6
Nuclei
Nuclei
added 16 hours ago216 views

WordPress Perfect Survey <1.5.2 - SQL Injection

Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection. id: CVE-2021-24762 info: name: WordPress Perfect Survey 1.5.2 - SQL...

9.8CVSS8.6AI score0.86896EPSS
Exploits7References4
Nuclei
Nuclei
added 16 hours ago191 views

GLPI 10.0.10-10.0.14 - SQL Injection

GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. id: CVE-2024-29889 info: name: GLPI 10.0.10-10.0.14 - SQL Injection autho...

8.1CVSS8.5AI score0.6296EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago38 views

Gogs (Go Git Service) - SQL Injection

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

7.5CVSS6.3AI score0.33391EPSS
Exploits5References6
Nuclei
Nuclei
added 16 hours ago8 views

MISP < 2.5.37 - SQL Injection

MISP before 2.5.37 is vulnerable to SQL injection via the order parameter in EventsController. The POST body order value is passed directly into ORDER BY clauses without validation. id: CVE-2026-44381 info: name: MISP 2.5.37 - SQL Injection author: malcha severity: medium description: | MISP befo...

9.3CVSS5.6AI score0.0054EPSS
Exploits0References3
Rows per page
Query Builder