216518 matches found

Cvelist
added 2026/03/27 10:10 p.m. | 17 views

CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletar_tag.php uses extract($_REQUEST) on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

CVSS 8.8 | EPSS 0.00392
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/27 10:10 p.m. | 4 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletar_tag.php uses extract($_REQUEST) on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

CVSS 8.8 | AI score 5.9 | EPSS 0.00392
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/27 10:10 p.m. | 4 views

CVE-2026-33991 WeGIA has SQL Injection in deletar_tag.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletar_tag.php uses extract($_REQUEST) on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

CVSS 8.8 | AI score 5.9 | EPSS 0.00392
Exploits: 1 | References: 1

EUVD
added 2026/03/27 9:31 p.m. | 5 views

EUVD-2026-16762

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 6

Snyk
added 2026/03/27 7:24 p.m. | 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the MDM bootstrap package configuration. An attacker can modify arbitrary team configurations, exfiltrate sensitive data from the database, and inject arbitrary content into team configurations by sending crafted API...

CVSS 8.8 | AI score 6.1 | EPSS 0.00318
Exploits: 0 | References: 2

NVD
added 2026/03/27 7:16 p.m. | 10 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

CVSS 8.6 | EPSS 0.00197
Exploits: 0 | References: 1

NVD
added 2026/03/27 7:16 p.m. | 7 views

CVE-2026-34374

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...

CVSS 9.1 | EPSS 0.00344
Exploits: 1 | References: 1

EUVD
added 2026/03/27 6:31 p.m. | 4 views

EUVD-2026-16738

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

CVSS 6.5 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 6

EUVD
added 2026/03/27 6:31 p.m. | 2 views

EUVD-2026-16680

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

CVSS 9.8 | AI score 6 | EPSS 0.0033
Exploits: 1 | References: 2

EUVD
added 2026/03/27 6:31 p.m. | 2 views

EUVD-2026-16678

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

CVSS 8.8 | AI score 6 | EPSS 0.00445
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/27 6:30 p.m. | 5 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

CVSS 8.7 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/27 6:30 p.m. | 2 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

CVSS 8.7 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 1

CVE
added 2026/03/27 6:30 p.m. | 21 views

CVE-2026-34386

Fleet is open source device management software. Before 4.81.0, a SQL injection vulnerability in Fleet’s MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet da...

CVSS 8.8 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/27 6:30 p.m. | 5 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

CVSS 8.7 | AI score 6 | EPSS 0.00318
Exploits: 0 | References: 3

Cvelist
added 2026/03/27 6:30 p.m. | 26 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

CVSS 8.7 | EPSS 0.00318
Exploits: 0 | References: 1

CVE
added 2026/03/27 6:29 p.m. | 17 views

CVE-2026-34385

CVE-2026-34385 affects Fleet open source device management software. A second‑order SQL injection in Fleet’s Apple MDM profile delivery pipeline prior to 4.81.0 could allow a user with a valid MDM enrollment certificate to exfiltrate or modify the Fleet database contents, including user credentia...

CVSS 8.6 | AI score 6 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/27 6:24 p.m. | 30 views

CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

CVSS 6.5 | EPSS 0.00192
Exploits: 0 | References: 5

CVE
added 2026/03/27 6:24 p.m. | 13 views

CVE-2026-4970

CVE-2026-4970 affects code-projects Social Networking Site 1.0. The vulnerability is SQL injection in the file delete_photos.php (Endpoint component) triggered by manipulating the ID argument. It can be exploited remotely and the exploit is publicly available. The connected CVE records do not pro...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 5

ATTACKERKB
added 2026/03/27 6:24 p.m. | 2 views

CVE-2026-4970

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/03/27 6:24 p.m. | 2 views

CVE-2026-4970 code-projects Social Networking Site Endpoint delete_photos.php sql injection

A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been release...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 5