Lucene search
K

216733 matches found

EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19766

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19811

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS5.9AI score0.00284EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 6:16 p.m.4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.7 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS0.00453EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 5:53 p.m.27 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS0.00418EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/12 5:53 p.m.2 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 5:53 p.m.5 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 5:53 p.m.5 views

EUVD-2026-11647

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:53 p.m.3 views

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/12 5:53 p.m.19 views

CVE-2026-32137

CVE-2026-32137: Dataease prior to 2.10.20 is vulnerable to SQL injection in the /de2api/datasource/previewData endpoint via a directly concatenated tableName parameter. The table name is user-controllable and is not filtered or parameterized, enabling injection into the SQL statement. The issue a...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2026/03/12 5:47 p.m.120 views

web-vulnerability-scanner

web-vulnerability-scanner Pyth...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/12 4:37 p.m.3 views

GHSA-C442-97QW-J6C6 Parse Server has a SQL injection via query field name when using PostgreSQL

Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/12 4:33 p.m.125 views

VulnEye---Lightweight-Vulnerability-Scanner

VulnEye - Lightweight Vulnerability Scanner VulnEye is a modu...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25541

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...

8.8CVSS0.00373EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25542

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

8.8CVSS0.0046EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.4 views

CVE-2019-25539

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...

8.8CVSS0.00415EPSS
Exploits1References3
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25538

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

8.8CVSS0.00365EPSS
Exploits1References3
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25540

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL payloads to extract sensitive database information includi...

8.8CVSS0.00359EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.6 views

CVE-2019-25536

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

8.8CVSS0.00315EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 4:16 p.m.5 views

CVE-2019-25535

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...

8.8CVSS0.00254EPSS
Exploits0References2
Rows per page
Query Builder