Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216518 matches found

CNNVD
CNNVDadded 2026/03/29 12:0 a.m.6 views

Code-Projects Accounting System SQL注入漏洞

Code-Projects Accounting System is an accounting system developed by Code-Projects as open source. Version 1.0 of Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from improper handling of the cosid parameter in the file/viewcostumer.php, which may lead ...

9.8CVSS7.2AI score0.00342EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/03/29 12:0 a.m.9 views

Code-Projects Accounting System SQL注入漏洞

Code-Projects Accounting System is an accounting system open sourced by Code-Projects. Version 1.0 of the Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from improper handling of the cosid parameter in the file/editcostumer.php, which may lead to SQL...

9.8CVSS7.2AI score0.00329EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/03/28 11:30 p.m.34 views

CVE-2026-5019 code-projects Simple Food Order System Parameter all-orders.php sql injection

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...

7.5CVSS0.00449EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/03/28 11:30 p.m.2 views

CVE-2026-5019

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...

7.5CVSS6.9AI score0.00449EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/28 11:30 p.m.3 views

CVE-2026-5019 code-projects Simple Food Order System Parameter all-orders.php sql injection

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...

7.5CVSS5.8AI score0.00449EPSS
Exploits1References5
NVD
NVDadded 2026/03/28 11:16 p.m.8 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

9.8CVSS0.00345EPSS
Exploits1References5
NVD
NVDadded 2026/03/28 11:16 p.m.4 views

CVE-2026-5017

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

9.8CVSS0.00333EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/03/28 11:10 p.m.3 views

CVE-2026-4966

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:10 p.m.4 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:10 p.m.3 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:9 p.m.4 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/03/28 10:30 p.m.30 views

CVE-2026-5018 code-projects Simple Food Order System Parameter register-router.php sql injection

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS0.00345EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/03/28 10:30 p.m.4 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS6.9AI score0.00345EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/28 10:30 p.m.1 views

CVE-2026-5017

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00333EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2026/03/28 10:30 p.m.30 views

CVE-2026-5017 code-projects Simple Food Order System Parameter all-tickets.php sql injection

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS0.00333EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/03/28 10:30 p.m.3 views

CVE-2026-5017 code-projects Simple Food Order System Parameter all-tickets.php sql injection

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS5.8AI score0.00333EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/03/28 4:59 p.m.3 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

9.8CVSS6AI score0.00492EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/28 4:59 p.m.2 views

CVE-2026-33755

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/28 4:59 p.m.4 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/28 12:30 p.m.2 views

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder