Lucene search

216688 matches found

CNNVD
added 2026/03/16 12:0 a.m., 4 views

itsourcecode College Management System SQL injection vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the coursecode parameter in the...

CVSS 6.5, AI score 6.7, EPSS 0.00192
Exploits 0, References 5

CNNVD
added 2026/03/16 12:0 a.m., 7 views

Express - Node.js API with PostgreSQL SQL injection vulnerability

Express - Node.js API with PostgreSQL is a RESTful API service developed by Jawher Kl, based on Node.js and PostgreSQL. Versions of Express - Node.js API with PostgreSQL prior to version 2.5 have a SQL injection vulnerability. This vulnerability stems from incorrect handling of the sort parameter...

CVSS 7.5, AI score 7.2, EPSS 0.00259
Exploits 0, References 4

Zero Day Initiative
added 2026/03/16 12:0 a.m., 6 views

(Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling ...

CVSS 8, AI score 6.2, EPSS 0.00919
Exploits 0, References 1

Positive Technologies
added 2026/03/16 12:0 a.m., 5 views

PT-2026-25681

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVSS 6.5, AI score 5.7, EPSS 0.00192
Exploits 0, References 4

CNNVD
added 2026/03/16 12:0 a.m., 5 views

Vanna SQL injection vulnerability

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...

CVSS 7.5, AI score 7.1, EPSS 0.00254
Exploits 0, References 4

CNNVD
added 2026/03/16 12:0 a.m., 5 views

itsourcecode Payroll Management System SQL injection vulnerability

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Version 1.0 of the itsourcecode Payroll Management System has a SQL injection vulnerability. This vulnerability arises from operations on the parameter ID in the file manageemployee.php,...

CVSS 9.8, AI score 7.2, EPSS 0.00446
Exploits 1, References 5

Positive Technologies
added 2026/03/16 12:0 a.m., 7 views

PT-2026-25801

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date start and date end from $ REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escape...

CVSS 8.8, AI score 6, EPSS 0.00276
Exploits 0, References 2

Positive Technologies
added 2026/03/16 12:0 a.m., 10 views

PT-2026-25704

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVSS 7.5, AI score 6.9, EPSS 0.00254
Exploits 0, References 5

Cvelist
added 2026/03/15 7:32 p.m., 35 views

CVE-2026-4190 JawherKl node-api-postgres user.js User.getAll sql injection

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

CVSS 7.5, EPSS 0.00259
Exploits 0, References 4

CVE
added 2026/03/15 7:32 p.m., 14 views

CVE-2026-4190

JawherKl node-api-postgres (up to 2.5) is affected by a SQL injection in User.getAll (models/user.js) caused by unsafely manipulated sort argument. The vulnerability allows remote execution, and public exploit code is available. Vendor was contacted but no response. No remediation details are pro...

CVSS 7.5, AI score 6.9, EPSS 0.00259
Exploits 0, References 4

ATTACKERKB
added 2026/03/15 7:32 p.m., 4 views

CVE-2026-4190

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

CVSS 7.5, AI score 5.7, EPSS 0.00259
Exploits 0, References 4, Affected Software 1

ATTACKERKB
added 2026/03/15 7:32 p.m., 2 views

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8, AI score 5.7, EPSS 0.00258
Exploits 0, References 4

CVE
added 2026/03/15 7:32 p.m., 8 views

CVE-2026-4189

CVE-2026-4189 affects phpipam up to version 1.7.4. The vulnerability lies in the file app/admin/sections/edit-result.php (Section Handler) where manipulating the subnetOrdering argument can lead to SQL injection. The issue enables remote attack potential and has publicly available exploit code. V...

CVSS 5.8, AI score 5.7, EPSS 0.00258
Exploits 0, References 4

Cvelist
added 2026/03/15 7:32 p.m., 36 views

CVE-2026-4189 phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8, EPSS 0.00258
Exploits 0, References 4

Cvelist
added 2026/03/15 6:34 p.m., 24 views

CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

CVSS 8.8, EPSS 0.00418
Exploits 1, References 3

Vulnrichment
added 2026/03/15 6:34 p.m., 3 views

CVE-2015-20121 RealtyScript 4.0.2 SQL Injection via u_id and agent Parameters

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

CVSS 8.8, AI score 6.1, EPSS 0.00418
Exploits 1, References 3

ATTACKERKB
added 2026/03/15 6:34 p.m., 3 views

CVE-2015-20121

Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'uid' in /admin/users.php and the POST parameter 'agent' in /admin/mailer.php. Attackers can...

AI score 6.1, EPSS 0.00418
Exploits 1, References 3, Affected Software 1

CVE
added 2026/03/15 6:34 p.m., 11 views

CVE-2015-20121

CVE-2015-20121 affects RealtyScript 4.0.2 from Next Click Ventures. The vulnerability is an SQL injection in /admin/users.php (GET parameter u_id) and /admin/mailer.php (POST parameter agent[]) allowing unauthenticated attackers to manipulate queries via time-based blind payloads to exfiltrate da...

CVSS 9.8, AI score 6.1, EPSS 0.00418
Exploits 1, References 3, Affected Software 1

Cvelist
added 2026/03/15 9:2 a.m., 42 views

CVE-2026-4173 CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

CVSS 6.5, EPSS 0.00242
Exploits 0, References 4

Vulnrichment
added 2026/03/15 9:2 a.m., 3 views

CVE-2026-4173 CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

CVSS 6.5, AI score 5.5, EPSS 0.00242
Exploits 0, References 4