216673 matches found

CNNVD
added 2026/03/17 12:0 a.m., 4 views

Red Hat Satellite SQL Injection Vulnerability

Red Hat Satellite is a system management platform developed by Red Hat Inc. This platform can be used to expand Linux infrastructure and provides system management functions such as administration, configuration, and monitoring. Red Hat Satellite 6 has a SQL injection vulnerability, which stems...

5.4 CVSS, 7.3 AI score, 0.00262 EPSS
Exploits 0, References 3
Snyk
added 2026/03/17 12:0 a.m., 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...

8.6 CVSS, 6 AI score, 0.00521 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/03/17 12:0 a.m., 8 views

PT-2026-25929

Name of the Vulnerable Software and Affected Versions: GLPI versions 11.0.0 through 11.0.5. Description: GLPI is a free Asset and IT management software package. An authenticated user can perform a SQL injection. The SQL injection can be performed through unspecified vectors. Recommendations: Update ...

8.8 CVSS, 5.9 AI score, 0.00339 EPSS
Exploits 0, References 13
Positive Technologies
added 2026/03/17 12:0 a.m., 10 views

PT-2026-25899

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite Katello Plugin (affected versions not specified). Description: A flaw exists in the Katello plugin for Red Hat Satellite due to improper sanitization of user-provided input. This allows a remote attacker to inject arbitrary SQL...

5.4 CVSS, 7.3 AI score, 0.00262 EPSS
Exploits 0, References 15
CNNVD
added 2026/03/17 12:0 a.m., 8 views

GLPI SQL Injection Vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

8.8 CVSS, 6 AI score, 0.00339 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/17 12:0 a.m., 5 views

WordPress plugin WowStore SQL Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5 CVSS, 5.8 AI score, 0.00304 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/03/17 12:0 a.m., 7 views

PT-2026-25868

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.5 CVSS, 5.9 AI score, 0.00304 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/03/17 12:0 a.m., 11 views

PT-2026-25838

A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...

7.5 CVSS, 6.9 AI score, 0.00254 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/03/17 12:0 a.m., 7 views

PT-2026-25839

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5 CVSS, 6.8 AI score, 0.00254 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/03/17 12:0 a.m., 12 views

PT-2026-25940

Name of the Vulnerable Software and Affected Versions: Spring AI versions prior to 1.0.4; Spring AI versions prior to 1.1.3. Description: A critical SQL injection flaw exists in Spring AI's MariaDBFilterExpressionConverter component. This issue allows attackers to bypass metadata-based access control...

8.8 CVSS, 6.1 AI score, 0.00522 EPSS
Exploits 1, References 23
Cvelist
added 2026/03/16 11:33 p.m., 33 views

CVE-2026-4287 Tiandy Easy7 Integrated Management Platform Endpoint queryResources sql injection

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...

7.5 CVSS, 0.00254 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/03/16 11:33 p.m., 2 views

CVE-2026-4287

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...

7.5 CVSS, 5.7 AI score, 0.00254 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2026/03/16 11:33 p.m., 13 views

CVE-2026-4287

Tiandy Easy7 Integrated Management Platform Endpoint (version 7.17.0) has a SQL injection in the /rest/devStatus/queryResources function when areaId is manipulated. The vulnerability is exploitable remotely; a public exploit reportedly exists. The vendor was contacted but did not respond. No reme...

7.5 CVSS, 6.9 AI score, 0.00254 EPSS
Exploits 0, References 4
Vulnrichment
added 2026/03/16 11:33 p.m., 2 views

CVE-2026-4287 Tiandy Easy7 Integrated Management Platform Endpoint queryResources sql injection

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...

7.5 CVSS, 5.7 AI score, 0.00254 EPSS
Exploits 0, References 4
Github Security Blog
added 2026/03/16 9:19 p.m., 13 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Summary: The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements (safe storage), but are later read back and...

8 CVSS, 6.1 AI score, 0.00279 EPSS
Exploits 1, References 4, Affected Software 1
NVD
added 2026/03/16 8:16 p.m., 5 views

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8 CVSS, 0.00276 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/03/16 7:19 p.m., 2 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8 CVSS, 6 AI score, 0.00276 EPSS
Exploits 0, References 2
CVE
added 2026/03/16 7:19 p.m., 16 views

CVE-2026-30881

Chamilo LMS (versions

8.8 CVSS, 6 AI score, 0.00276 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/03/16 7:19 p.m., 21 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8 CVSS, 0.00276 EPSS
Exploits 0, References 2
EUVD
added 2026/03/16 7:19 p.m., 6 views

EUVD-2026-12500

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8 CVSS, 6 AI score, 0.00276 EPSS
Exploits 0, References 2