Lucene search
K

216678 matches found

Cvelist
Cvelist
added 2026/03/16 12:32 p.m.27 views

CVE-2026-4238 itsourcecode College Management System courses.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument coursecode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

5.8CVSS0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/16 12:2 p.m.29 views

CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php sql injection

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/16 12:2 p.m.4 views

CVE-2026-4237

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/03/16 11:40 a.m.6 views

WordPress WZone plugin <= 14.0.31 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WZone versions = 14.0.31...

8.5CVSS5.9AI score0.00253EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:32 a.m.1 views

CVE-2026-4236

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

7.5CVSS5.7AI score0.00278EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 11:32 a.m.2 views

CVE-2026-4236 itsourcecode Online Enrollment System index.php sql injection

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

7.5CVSS6.9AI score0.00278EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:2 a.m.2 views

CVE-2026-4235

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/16 10:48 a.m.6 views

SQL Injection

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to SQL Injection via the removetrainingdata function in the file bigqueryvector.py. An attacker can execute arbitrary SQL commands by supplying crafted input to the ID argument...

7.5CVSS7.5AI score0.00254EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 10:47 a.m.3 views

SQL Injection

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to SQL Injection via the updatesql function. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation There is no fixed version for vanna...

6.5CVSS7AI score0.00192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 10:32 a.m.2 views

CVE-2026-4234 SSCMS DDL SitesAddController.Submit.cs sql injection

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:32 a.m.6 views

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 10:32 a.m.11 views

CVE-2026-4234

CVE-2026-4234 affects SSCMS 7.4.0, specifically the DDL Handler component and the file SitesAddController.Submit.cs . The vulnerability arises from the manipulation of the argument tableHandWrite , enabling a SQL injection . The attack can be executed remotely and the exploit has been publicly re...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 10:11 a.m.4 views

CVE-2026-3021

Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 9:32 a.m.3 views

CVE-2026-4232

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/16 9:32 a.m.32 views

CVE-2026-4232 Tiandy Integrated Management Platform getAuthorityByUserId sql injection

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

7.5CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 8:32 a.m.2 views

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

6.5CVSS5.5AI score0.00192EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 8:32 a.m.4 views

CVE-2026-4230 vanna-ai vanna Endpoint __init__.py update_sql sql injection

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/init.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

6.5CVSS5.5AI score0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 8:32 a.m.14 views

CVE-2026-4230

Vulnerability CVE-2026-4230 affects vanna-ai vanna Endpoint up to version 2.0.2. The vulnerable component is the update_sql function in src/vanna/legacy/flask/init .py, which enables SQL injection. The issue can be triggered remotely, and the exploit has been disclosed publicly. No remediation de...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 8:32 a.m.24 views

CVE-2026-4229

CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/16 8:32 a.m.4 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder