Lucene search
K

216682 matches found

Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26789

Name of the Vulnerable Software and Affected Versions Ory Keto affected versions not specified Description The GetRelationships API in Ory Keto is susceptible to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

PbootCMS SQL注入漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter Username in the checkUsername function within the...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.16 views

PT-2026-26566

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment action.php. The manipulation of the argument appointment id results in sql injection. The attack can be launched remotely. The exploit is no...

5.8CVSS5.8AI score0.00321EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.5 views

DB-GPT SQL注入漏洞

DB-GPT is an open-source development framework for AI-native data applications based on AWEL and proxies, developed by eosphoros. Versions of DB-GPT 0.7.5 and earlier contain a SQL injection vulnerability. This vulnerability stems from unknown code in the /file/api/v1/editor/ section, which may...

7.5CVSS7.5AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26559

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin edit menu action.php. Such manipulation of the argument product name leads to sql injection. The attack may be performed from...

5.8CVSS5.8AI score0.00327EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

Frappe SQL注入漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 16.8.0 and 15.100.0 have a SQL injection vulnerability. This vulnerability stems from insufficient parameter validation, which ma...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

AVideo SQL注入漏洞

AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Versions of AVideo prior to 8.0 contained a SQL injection vulnerability. This vulnerability stemmed from the use of POST sort array key values as direct SQL column identifiers, which could lead...

8.8CVSS5.8AI score0.00398EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.9 views

PT-2026-26787

Name of the Vulnerable Software and Affected Versions Ory Kratos affected versions not specified Description The ListCourierMessages Admin API in Ory Kratos is susceptible to SQL injection because of issues in its pagination implementation. Pagination tokens are encrypted using a secret configure...

7.2CVSS6.2AI score0.00252EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.4 views

Cockpit < 2.13.5 SQLi (GHSA-7x5c-vfhj-9628)

The version of Cockpit CMS running on the remote web server is prior to 2.13.5. It is, therefore, affected by a SQL injection vulnerability in the MongoLite Aggregation Optimizer. - An unsanitized field name in the toJsonExtractRaw method in lib/MongoLite/Aggregation/Optimizer.php allows an...

7.7CVSS6.1AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

itsourcecode Online Frozen Foods Ordering System SQL注入漏洞

itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which arises from incorrect handling of the parameter productname in the file admin/admin/editmenuaction.ph...

9.8CVSS5.8AI score0.00327EPSS
Exploits1References5
NVD
NVD
added 2026/03/19 11:16 p.m.6 views

CVE-2026-29099

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS0.00259EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:14 p.m.2 views

CVE-2026-32763

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS5.9AI score0.00419EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/19 11:14 p.m.17 views

CVE-2026-32763

Summary: CVE-2026-32763 affects Kysely up to v0.28.11, where the JSON path compilation in the MySQL/SQLite dialects is vulnerable. The root cause is that visitJSONPathLeg() appends user-controlled values from .key() and .at() directly into single-quoted JSON path literals ('$.key') without escapi...

8.2CVSS5.9AI score0.00419EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/19 11:14 p.m.3 views

CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS6AI score0.00419EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:8 p.m.6 views

CVE-2026-33288

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize...

8.8CVSS6.1AI score0.0044EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/19 11:8 p.m.4 views

EUVD-2026-13398

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, a SQL Injection vulnerability exists in the SuiteCRM authentication mechanisms when directory support is enabled. The application fails to properly sanitize...

8.8CVSS6.1AI score0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/19 10:46 p.m.21 views

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/03/19 10:46 p.m.3 views

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS6AI score0.00259EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:46 p.m.3 views

CVE-2026-29099

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/19 10:46 p.m.7 views

EUVD-2026-13357

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References2
Rows per page
Query Builder