Lucene search
K

216674 matches found

OSV
OSV
added 2026/03/16 7:19 p.m.2 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 7:13 p.m.15 views

CVE-2026-28430

Chamilo LMS is affected by an unauthenticated SQL injection in the chamiko-lms model.ajax.php component prior to version 1.11.34, exploitable via the custom_dates parameter. Successful exploitation can lead to full administrative account takeover and access to the entire database (including PII a...

9.8CVSS6.1AI score0.00329EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/16 7:13 p.m.22 views

CVE-2026-28430 Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamiko-lms model.ajax.php

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.3CVSS0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 6:32 p.m.4 views

EUVD-2025-208757

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 6:16 p.m.10 views

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

7.5CVSS0.0041EPSS
Exploits1References3
OSV
OSV
added 2026/03/16 6:16 p.m.4 views

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

7.5CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/03/16 4:34 p.m.3 views

GHSA-49G7-2WW7-3VF5 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Summary The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glancesduckdb/init.py was not included in this fix...

7CVSS5.9AI score0.00325EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 4:34 p.m.6 views

Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Summary The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glancesduckdb/init.py was not included in this fix...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12423

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12427

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

5.8CVSS5.7AI score0.00202EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12373

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12381

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12361

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manageemployee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...

7.5CVSS7AI score0.00446EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12401

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12375

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

6.5CVSS5.5AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12436

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument coursecode leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References6
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-6MJ8-JMP2-G8Q7 Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.3CVSS5.7AI score0.00254EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/16 3:30 p.m.3 views

EUVD-2026-12251

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12249

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

5.8CVSS5.7AI score0.00258EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2015-9423

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

8.8CVSS6.1AI score0.00418EPSS
Exploits1References4
Rows per page
Query Builder