
216674 matches found

CVE
added 2026/03/20 1:32 p.m. | 7 views

CVE-2026-4485

CVE-2026-4485 affects itsourcecode College Management System 1.0. The vulnerability is an SQL injection in an unknown function handling the Search parameter of /admin/search_student.php, exploitable remotely. Public exploit exposure is indicated. CVSS details show multiple vectors/metrics (e.g., ...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00246
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/20 1:32 p.m. | 5 views

CVE-2026-4485

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00246
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/03/20 11:18 a.m. | 5 views

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS: 9.3 | EPSS: 0.00304
Exploits: 1 | References: 3
EUVD
added 2026/03/20 10:35 a.m. | 4 views

EUVD-2026-13678

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00304
Exploits: 1 | References: 3
Cvelist
added 2026/03/20 10:35 a.m. | 28 views

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS: 9.3 | EPSS: 0.00304
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/20 10:35 a.m. | 7 views

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00304
Exploits: 1 | References: 4 | Affected Software: 1
GithubExploit
added 2026/03/20 10:35 a.m. | 211 views

Exploit for CVE-2026-22730

CVE-2026-22730 Scanner & Exploit – Spring AI MariaDB Vector Stor...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00522
Exploits: 1
Patchstack
added 2026/03/20 9:53 a.m. | 7 views

WordPress Appointment Booking Calendar plugin <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter vulnerability

Unauthenticated SQL Injection via 'fields' Parameter vulnerability discovered by momopon1415 in WordPress Plugin Simply Schedule Appointments versions <= 1.6.10.0...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00311
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/03/20 8:16 a.m. | 14 views

CVE-2026-33060

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

CVSS: 5.7 | EPSS: 0.00289
Exploits: 1 | References: 2
CVE
added 2026/03/20 7:21 a.m. | 16 views

CVE-2026-33060

The CVE-2026-33060 entry affects the CKAN MCP Server prior to version 0.4.85. The vulnerable components are the MCP server tools ckan_package_search, sparql_query, and ckan_datastore_search_sql, which accept a base_url parameter that can be used to make HTTP requests to arbitrary endpoints. The r...

CVSS: 5.7 | AI score: 5.9 | EPSS: 0.00289
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/20 7:21 a.m. | 4 views

CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks

CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckan_package_search and sparql_query that accept a base_url parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00289
Exploits: 1 | References: 4
EUVD
added 2026/03/20 6:31 a.m. | 7 views

EUVD-2026-13589

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.00321
Exploits: 1 | References: 6
EUVD
added 2026/03/20 6:31 a.m. | 4 views

EUVD-2026-13563

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admineditmenuaction.php. Such manipulation of the argument productname leads to sql injection. The attack may be performed from...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.00327
Exploits: 1 | References: 6
NVD
added 2026/03/20 6:16 a.m. | 6 views

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVSS: 9.8 | EPSS: 0.00321
Exploits: 1 | References: 5
Cvelist
added 2026/03/20 5:32 a.m. | 23 views

CVE-2026-4473 itsourcecode Online Doctor Appointment System appointment_action.php sql injection

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVSS: 5.8 | EPSS: 0.00321
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/20 5:32 a.m. | 3 views

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVSS: 5.8 | AI score: 5.8 | EPSS: 0.00321
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2026/03/20 5:16 a.m. | 1 view

CVE-2026-4472

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admineditsupplier.php. The manipulation of the argument SupplierName leads to sql injection. The attack can be initiated remotely. The...

CVSS: 9.8 | EPSS: 0.00315
Exploits: 1 | References: 5
NVD
added 2026/03/20 5:16 a.m. | 7 views

CVE-2026-4470

A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admineditmenu.php. Performing a manipulation of the argument productname results in sql injection. It is possible to initiate the...

CVSS: 9.8 | EPSS: 0.00327
Exploits: 1 | References: 5
NVD
added 2026/03/20 5:16 a.m. | 3 views

CVE-2026-4469

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admineditmenuaction.php. Such manipulation of the argument productname leads to sql injection. The attack may be performed from...

CVSS: 9.8 | EPSS: 0.00327
Exploits: 1 | References: 5
NVD
added 2026/03/20 5:16 a.m. | 10 views

CVE-2026-33025

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $_POST['sort'] array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although real_escape_string was applied, it only escapes...

CVSS: 8.8 | EPSS: 0.00398
Exploits: 0 | References: 2