Lucene search
K

216691 matches found

CVE
CVE
added 2026/03/17 11:29 a.m.13 views

CVE-2025-31966

CVE-2025-31966 : HCL Sametime is vulnerable due to broken server-side validation that fails to enforce client-side input checks. An attacker can bypass restrictions by sending manipulated HTTP requests directly to the server. The documented CVSS 3.1 metrics indicate a LOW base score (2.7), with n...

2.7CVSS5.9AI score0.00194EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/03/17 9:25 a.m.116 views

Assignment

Assignment Sql injection on a...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/17 1:24 a.m.7 views

EUVD-2026-12532

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.5CVSS5.9AI score0.00304EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/17 1:24 a.m.3 views

CVE-2026-2579 WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.5CVSS5.9AI score0.00304EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/17 1:24 a.m.3 views

CVE-2026-2579

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.5CVSS5.9AI score0.00304EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/17 12:31 a.m.3 views

EUVD-2026-12531

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/17 12:31 a.m.8 views

EUVD-2026-12530

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/17 12:31 a.m.4 views

EUVD-2026-12529

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/03/17 12:16 a.m.3 views

CVE-2026-4288

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...

7.5CVSS0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 12:16 a.m.3 views

CVE-2026-4289

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/17 12:3 a.m.3 views

CVE-2026-4289

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 12:3 a.m.2 views

CVE-2026-4289 Tiandy Easy7 Integrated Management Platform getRecByTemplateId sql injection

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 12:2 a.m.14 views

CVE-2026-4288

CVE-2026-4288 affects Tiandy Easy7 Integrated Management Platform 7.17.0. The vulnerability is an SQL injection in an unknown function of the Endpoint component, triggered by manipulating the argument ID in /rest/devStatus/getDevDetailedInfo. Access is remote and exploitation is publicly availabl...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/17 12:2 a.m.2 views

CVE-2026-4288

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 12:2 a.m.4 views

CVE-2026-4288 Tiandy Easy7 Integrated Management Platform Endpoint getDevDetailedInfo sql injection

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/17 12:0 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...

8.6CVSS6AI score0.00521EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.8 views

PT-2026-25929

Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.5 Description GLPI is a free Asset and IT management software package. An authenticated user can perform a SQL injection. The SQL injection can be performed through unspecified vectors. Recommendations Update ...

8.8CVSS5.9AI score0.00339EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.10 views

PT-2026-25899

Name of the Vulnerable Software and Affected Versions Red Hat Satellite Katello Plugin affected versions not specified Description A flaw exists in the Katello plugin for Red Hat Satellite due to improper sanitization of user-provided input. This allows a remote attacker to inject arbitrary SQL...

5.4CVSS7.3AI score0.00262EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

GLPI SQL注入漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

8.8CVSS6AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.5 views

Red Hat Satellite SQL注入漏洞

Red Hat Satellite is a system management platform developed by Red Hat Inc. This platform can be used to expand Linux infrastructure and provides system management functions such as administration, configuration, and monitoring. Red Hat Satellite 6 has a SQL injection vulnerability, which stems...

5.4CVSS7.3AI score0.00262EPSS
Exploits0References3
Rows per page
Query Builder