Lucene search
K

216697 matches found

EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12249

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

5.8CVSS5.7AI score0.00258EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2015-9423

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

8.8CVSS6.1AI score0.00418EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 2:20 p.m.6 views

CVE-2026-4241

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument coursecode leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

6.5CVSS0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 2:20 p.m.6 views

CVE-2026-4237

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 2:20 p.m.4 views

CVE-2026-4238

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

5.8CVSS0.00202EPSS
Exploits0References5
NVD
NVD
added 2026/03/16 2:20 p.m.10 views

CVE-2026-4232

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

7.5CVSS0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:20 p.m.2 views

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

6.5CVSS0.00192EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4236

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

7.5CVSS0.00278EPSS
Exploits0References8
NVD
NVD
added 2026/03/16 2:20 p.m.5 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

6.5CVSS0.00192EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:20 p.m.2 views

CVE-2026-4223

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manageemployee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...

9.8CVSS0.00446EPSS
Exploits1References5
NVD
NVD
added 2026/03/16 2:20 p.m.5 views

CVE-2026-4190

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

7.5CVSS0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

5.8CVSS0.00258EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:19 p.m.3 views

CVE-2026-4173

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

6.5CVSS0.00242EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:19 p.m.9 views

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

8.8CVSS0.00299EPSS
Exploits1References2
NVD
NVD
added 2026/03/16 2:17 p.m.4 views

CVE-2015-20121

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

9.8CVSS0.00418EPSS
Exploits1References3
NVD
NVD
added 2026/03/16 2:17 p.m.5 views

CVE-2015-20120

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

9.8CVSS0.00417EPSS
Exploits1References3
CVE
CVE
added 2026/03/16 2:2 p.m.11 views

CVE-2026-4241

The CVE-2026-4241 entry concerns itsourcecode College Management System 1.0. An SQL injection vulnerability affects an unknown function in /admin/time-table.php via manipulation of the course_code argument. Impact is user-controlled input leading to potential disclosure or modification of data; t...

6.5CVSS6.5AI score0.00192EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/16 12:52 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the tableHandWrite argument in the DDL Handler process. An attacker can access or modify sensitive data and potentially disrupt application functionality by injecting crafted SQL statements remotely. Remediation There ...

6.5CVSS6.8AI score0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 12:32 p.m.27 views

CVE-2026-4238 itsourcecode College Management System courses.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

5.8CVSS0.00202EPSS
Exploits0References5
Rows per page
Query Builder