Lucene search
K

16793 matches found

CVE
CVE
added 2026/04/13 5:45 a.m.8 views

CVE-2026-6165

CVE-2026-6165 affects code-projects Vehicle Showroom Management System 1.0. The vulnerability resides in an unknown code path within /util/Login_check.php, where manipulating the argument ID can trigger SQL injection. Attacks can be launched remotely, and the exploit is publicly available (POC). ...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 1:15 a.m.2 views

CVE-2026-5829 code-projects Simple IT Discussion Forum content.php sql injection

A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/08 9:31 a.m.7 views

EUVD-2026-20160

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...

5.9AI score0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.15 views

CVE-2026-39479

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through = 1.1.20...

7.6CVSS0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30446

Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...

8.6CVSS6.7AI score0.00376EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

MAC-SQL SQL注入漏洞

MAC-SQL is a multi-agent collaborative text-to-SQL framework developed by Bing’s individual developers. MAC-SQL has a SQL injection vulnerability, which stems from operations on parameters in the file core/agents.py, and could lead to SQL injection attacks...

6.5CVSS6.6AI score0.00196EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...

9.8CVSS7.2AI score0.00333EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

Fortinet FortiClient EMS 7.4.4 SQLi (FG-IR-25-1142)

The version of Fortinet FortiClient EMS installed on the remote host is 7.4.4. It is, therefore, affected by a SQL injection vulnerability: - An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in FortiClientEMS 7.4.4 may allow an unauthenticated...

9.8CVSS7.8AI score0.94085EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/30 7:42 p.m.5 views

EUVD-2026-17206

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.5 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 11:17 p.m.6 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS0.00392EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.6 views

CVE-2021-27320

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter...

7.5CVSS7.9AI score0.09299EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.11 views

CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...

8.8CVSS8.1AI score0.04201EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.9 views

CVE-2021-27999

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...

4.9CVSS7.9AI score0.00841EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...

8.8CVSS5.9AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 10:16 p.m.7 views

CVE-2026-4777

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

6.5CVSS0.00245EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 4:18 a.m.11 views

CVE-2026-4572

The CVE-2026-4572 entry identifies a vulnerability in SourceCodester Sales and Inventory System 1.0. The flaw affects the file /view_product.php, specifically the HTTP POST parameter searchtxt, where manipulation can lead to a SQL Injection. It is described as exploitable remotely and with a publ...

6.5CVSS6.5AI score0.00245EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/13 11:41 a.m.14 views

CVE-2026-31917

The CVE concerns the WordPress WP ERP plugin by weDevs (ERP component) with versions up to 1.16.10 exposed to SQL Injection due to improper neutralization of user input. The issue affects WP ERP from unspecified earlier versions through 1.16.10. The provided documents do not specify exploit detai...

8.5CVSS5.8AI score0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.6 views

PT-2026-24849

Name of the Vulnerable Software and Affected Versions xierongwkhd weimai-wetapp versions up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Description A flaw exists in xierongwkhd weimai-wetapp. The issue affects the getLikeMovieList function within the file source-code/src/main/java/com/moke/wp/wx...

5.8CVSS5.7AI score0.0021EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/03/07 9:32 p.m.5 views

CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References4
Rows per page
Query Builder