Positive Technologies, added 2026/03/21

PT-2026-26850

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or blogname', 'or blogdescription', and 'or admin email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation o...

CVSS 8.8 | AI score 5.9 | EPSS 0.00341 | Exploits: 0 | References: 4

Positive Technologies, added 2026/03/21

PT-2026-26924

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

CVSS 8.8 | AI score 6.2 | EPSS 0.00338 | Exploits: 1 | References: 5

Positive Technologies, added 2026/03/21

PT-2026-26830

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort by' and 'sort order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 7.2 | AI score 5.9 | EPSS 0.00354 | Exploits: 0 | References: 6

Positive Technologies, added 2026/03/21

PT-2026-26948

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology retriever.py. Manipulation of the argument Description leads to SQL injection. The attack requires local access. The exploit has been...

CVSS 5.3 | AI score 5.8 | EPSS 0.00136 | Exploits: 0 | References: 5

Positive Technologies, added 2026/03/21

PT-2026-26838

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn wp access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the get user access...

CVSS 7.5 | AI score 5.9 | EPSS 0.00364 | Exploits: 0 | References: 4

CNNVD, added 2026/03/21

WordPress plugin ElementCamp SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.5 | AI score 5.9 | EPSS 0.00242 | Exploits: 0 | References: 5

CNNVD, added 2026/03/21

WordPress plugin CMS Commander SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00341 | Exploits: 0 | References: 3

NVD, added 2026/03/20 11:16 p.m.

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. Manipulation of the argument Username leads to SQL injection. The attack may be initiated remotely...

CVSS 7.5 | EPSS 0.00259 | Exploits: 0 | References: 4

ATTACKERKB, added 2026/03/20 10:32 p.m.

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. Manipulation of the argument Username leads to SQL injection. The attack may be initiated remotely...

CVSS 7.5 | AI score 6.8 | EPSS 0.00259 | Exploits: 0 | References: 4

CVE, added 2026/03/20 10:32 p.m.

CVE-2026-4508

CVE-2026-4508 affects PbootCMS up to version 3.2.12. The vulnerability resides in the Member Login flow, specifically the function checkUsername in apps/home/controller/MemberController.php, where manipulation of the Username argument leads to a SQL injection. The issue can be triggered remotely;...

CVSS 7.5 | AI score 6.8 | EPSS 0.00259 | Exploits: 0 | References: 4

ATTACKERKB, added 2026/03/20

CVE-2026-4507

A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Manipulation can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

CVSS 6.5 | AI score 6.4 | EPSS 0.00192 | Exploits: 0 | References: 4 | Affected software: 1

EUVD, added 2026/03/20 9:31 p.m.

EUVD-2026-13804

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. The manipulation causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

CVSS 7.5 | AI score 5.5 | EPSS 0.00254 | Exploits: 0 | References: 5

OSV, added 2026/03/20 8:55 p.m.

GHSA-C38G-MX2C-9WF2 Ory Keto has a SQL injection via forged pagination tokens

Description The GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in secrets.pagination. An attacker who knows this secret can craft their own tokens, including malicious token...

CVSS 7.2 | AI score 6.2 | EPSS 0.00229 | Exploits: 0 | References: 3

Snyk, added 2026/03/20 8:55 p.m.

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...

CVSS 8.6 | AI score 6.2 | EPSS 0.00229 | Exploits: 0 | References: 2

Github Security Blog, added 2026/03/20 8:55 p.m.

Ory Keto has a SQL injection via forged pagination tokens

Description The GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in secrets.pagination. An attacker who knows this secret can craft their own tokens, including malicious token...

CVSS 7.2 | AI score 6.2 | EPSS 0.00229 | Exploits: 0 | References: 3 | Affected software: 1

Snyk, added 2026/03/20 8:54 p.m.

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the listCourierMessages function in handler.go. An attacker in possession of the configured secrets.pagination with access to the ListCourierMessages API can execute arbitrary SQL queries by forging a pagination token...

CVSS 7.2 | AI score 6.1 | EPSS 0.00252 | Exploits: 0 | References: 2

Github Security Blog, added 2026/03/20 8:54 p.m.

Ory Kratos has a SQL injection via forged pagination tokens

Description The ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in secrets.pagination. An attacker who knows this secret can craft their own tokens, including...

CVSS 7.2 | AI score 6.2 | EPSS 0.00252 | Exploits: 0 | References: 3 | Affected software: 1

OSV, added 2026/03/20 8:54 p.m.

GHSA-HGX2-28F8-6G2R Ory Kratos has a SQL injection via forged pagination tokens

Description The ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in secrets.pagination. An attacker who knows this secret can craft their own tokens, including...

CVSS 7.2 | AI score 6.2 | EPSS 0.00252 | Exploits: 0 | References: 3
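The Ory Keto (GetRelationships) and Ory Kratos (ListCourierMessages) advisories above describe the same failure mode: the pagination token is encrypted under secrets.pagination, so a successful decryption only proves that whoever minted the token held the secret; it says nothing about whether the fields inside are safe to put into a query. The Go program below is an added illustration and not Ory's code: the token layout (a cursor id plus a page size), the AES-GCM sealing, the relationships table and its columns, and the vulnerableQuery/hardenedQuery functions are all assumptions made for this example. It mints a forged token whose cursor field carries SQL, shows that code which trusts the decrypted cursor splices it straight into the statement, and shows that validating each decrypted field and binding it as a parameter rejects the same token.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// pageToken is a hypothetical pagination cursor: the id of the last row seen
// and the requested page size. This is an assumed layout, not Ory's.
type pageToken struct {
	Cursor string `json:"cursor"`
	Size   int    `json:"size"`
}

// deriveKey turns the configured pagination secret into a 32-byte AES key.
func deriveKey(secret string) []byte {
	k := sha256.Sum256([]byte(secret))
	return k[:]
}

// sealToken encrypts a token with AES-GCM under the pagination secret.
// Anyone holding the secret, including an attacker, can mint a valid token.
func sealToken(secret string, t pageToken) (string, error) {
	plain, err := json.Marshal(t)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(deriveKey(secret))
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// openToken decrypts and authenticates a token. The GCM tag proves the token
// was sealed with the secret; it proves nothing about the decrypted fields.
func openToken(secret, token string) (pageToken, error) {
	var t pageToken
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return t, err
	}
	block, err := aes.NewCipher(deriveKey(secret))
	if err != nil {
		return t, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return t, err
	}
	if len(raw) < gcm.NonceSize() {
		return t, errors.New("token too short")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return t, err
	}
	err = json.Unmarshal(plain, &t)
	return t, err
}

// vulnerableQuery trusts the decrypted cursor and splices it into the SQL text.
func vulnerableQuery(secret, token string) (string, error) {
	t, err := openToken(secret, token)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("SELECT id, subject FROM relationships WHERE id > '%s' ORDER BY id LIMIT %d", t.Cursor, t.Size), nil
}

var uuidRe = regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)

// hardenedQuery treats every decrypted field as untrusted input: the cursor
// must be a UUID, the size must be in range, and both are bound as parameters.
func hardenedQuery(secret, token string) (string, []any, error) {
	t, err := openToken(secret, token)
	if err != nil {
		return "", nil, err
	}
	if !uuidRe.MatchString(t.Cursor) {
		return "", nil, errors.New("invalid cursor in pagination token")
	}
	if t.Size < 1 || t.Size > 500 {
		return "", nil, errors.New("invalid page size in pagination token")
	}
	return "SELECT id, subject FROM relationships WHERE id > $1 ORDER BY id LIMIT $2", []any{t.Cursor, t.Size}, nil
}

func main() {
	secret := "weak-or-leaked-secret" // constructed stand-in for secrets.pagination
	forged, _ := sealToken(secret, pageToken{Cursor: "' OR 1=1; DROP TABLE relationships; --", Size: 10})
	q, _ := vulnerableQuery(secret, forged)
	fmt.Println("vulnerable:", q)
	if _, _, err := hardenedQuery(secret, forged); err != nil {
		fmt.Println("hardened rejected forged token:", err)
	}
}
```

A strong, random secrets.pagination keeps outsiders from minting tokens, which is why the Snyk entries call out an unset or known secret as the precondition; it does not help against a leaked secret or an insider. The durable fix is the one hardenedQuery applies: decrypt, then validate and parameterize as if the fields had arrived in plain request parameters.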