Lucene search
K

216683 matches found

EUVD
EUVD
added 2026/03/19 10:46 p.m.7 views

EUVD-2026-13357

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 10:46 p.m.7 views

CVE-2026-29099

SuiteCRM versions 7.15 and 8.9 are affected by authenticated SQL injection in the retrieve() function of include/OutboundEmail/OutboundEmail.php, exploitable via two paths in the EmailUIAjax action. The user-controlled $id is not properly neutralized, allowing retrieval of arbitrary database info...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/19 10:37 p.m.16 views

CVE-2026-29096

SuiteCRM 7.15.x and 8.9.x are affected by CVE-2026-29096 due to unsanitized handling of the field_function parameter in AOR_Reports. When creating or editing a report, the POST field_function value is saved into the aor_fields table without validation, and later concatenated directly into a SQL S...

8.1CVSS6AI score0.00316EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/19 10:37 p.m.4 views

CVE-2026-29096 SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Report Fields

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report AORReports module, the fieldfunction parameter from POST data is saved directly into the aorfields table without any...

8.1CVSS6.1AI score0.00316EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 9:15 p.m.15 views

CVE-2026-32750

CVE-2026-32750 (SiYuan) affects SiYuan versions 3.6.0 and earlier. The vulnerability occurs in POST /api/import/importStdMd, where the localPath parameter is passed directly to model.ImportFromLocalPath without path validation. The function recursively reads every file under the provided path and...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/19 3:16 p.m.5 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

8.8CVSS0.00259EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 2:24 p.m.67 views

CVE-2026-22558

CVE-2026-22558 affects the UniFi Network Application. An "Authenticated NoSQL Injection" vulnerability could allow a malicious actor with authenticated network access to escalate privileges. The CVE entry provides a CVSS v3.1 vector ( NETWORK, LOW complexity, PRIVILEGES REQUIRED: LOW, UI: NONE, S...

7.7CVSS5.8AI score0.00554EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 11:15 a.m.23 views

CVE-2026-3658 Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:15 a.m.3 views

CVE-2026-3658

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References6
NVD
NVD
added 2026/03/19 6:16 a.m.2 views

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS0.00378EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:28 a.m.3 views

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS5.9AI score0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/19 5:28 a.m.26 views

CVE-2026-27413 WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

9.3CVSS0.00378EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26489

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.0 Description AVideo, an open source video platform, contains an unauthenticated SQL injection flaw in the objects/category.php file within the getAllCategories method. The doNotShowCats request parameter undergoes...

9.8CVSS6.2AI score0.00431EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/03/19 12:0 a.m.24 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26291

CVE-2026-30711 Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent. https://t.co/VA5JZrI5IV...

5.9AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/19 12:0 a.m.5 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

5.8AI score0.00259EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 12:0 a.m.2 views

CVE-2026-30711

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

5.9AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26437

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.5 views

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References2
Rows per page
Query Builder