216691 matches found

CVE
added 2026/03/15 6:34 p.m., 11 views

CVE-2015-20121

CVE-2015-20121 affects RealtyScript 4.0.2 from Next Click Ventures. The vulnerability is an SQL injection in /admin/users.php (GET parameter u_id) and /admin/mailer.php (POST parameter agent[]) allowing unauthenticated attackers to manipulate queries via time-based blind payloads to exfiltrate da...

CVSS 9.8, AI score 6.1, EPSS 0.00418
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/03/15 9:2 a.m., 42 views

CVE-2026-4173 CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

CVSS 6.5, EPSS 0.00242
Exploits: 0, References: 4
Vulnrichment
added 2026/03/15 9:2 a.m., 3 views

CVE-2026-4173 CodePhiliaX Chat2DB Database Export DMDBManage.java updateProcedure sql injection

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

CVSS 6.5, AI score 5.5, EPSS 0.00242
Exploits: 0, References: 4
CVE
added 2026/03/15 9:2 a.m., 14 views

CVE-2026-4173

CodePhiliaX Chat2DB (≤0.3.7) exposes a SQL injection in DMDBManage.java under Database Export Handler, affecting functions exportTable, exportTableColumnComment, exportView, exportProcedure, exportTriggers, exportTrigger, and updateProcedure. The flaw enables remote exploitation with a proof-of-c...

CVSS 6.5, AI score 6.3, EPSS 0.00242
Exploits: 0, References: 4
Positive Technologies
added 2026/03/15 12:0 a.m., 5 views

PT-2026-25546

A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updateProcedure of the file DMDBManage.java of the component Database Export Handler. This manipulation...

CVSS 6.5, AI score 5.5, EPSS 0.00242
Exploits: 0, References: 8
Positive Technologies
added 2026/03/15 12:0 a.m., 4 views

PT-2026-25562

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVSS 5.8, AI score 5.7, EPSS 0.00258
Exploits: 0, References: 6
Positive Technologies
added 2026/03/15 12:0 a.m., 5 views

PT-2026-25563

A vulnerability was detected in JawherKl node-api-postgres up to 2.5. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. The vendor was...

CVSS 7.5, AI score 5.7, EPSS 0.00259
Exploits: 0, References: 6
Veracode
added 2026/03/14 5:28 a.m., 5 views

SQL Injection

Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs e.g., process names or...

CVSS 9.8, AI score 6, EPSS 0.00364
Exploits: 1, References: 3, Affected Software: 1
Veracode
added 2026/03/14 5:22 a.m., 5 views

SQL Injection

Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

CVSS 8.8, AI score 5.9, EPSS 0.0035
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/03/14 4:54 a.m., 6 views

WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin UpsellWP versions <= 2.2.4...

CVSS 8.5, AI score 5.9, EPSS 0.00222
Exploits: 0, Affected Software: 1
EUVD
added 2026/03/13 9:31 p.m., 4 views

EUVD-2026-11916

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media Library Assistant media-library-assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from n/a through <= 3.32...

CVSS 8.5, AI score 5.8, EPSS 0.00228
Exploits: 0, References: 2
EUVD
added 2026/03/13 9:31 p.m., 3 views

EUVD-2026-11863

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection. This issue affects Geo to Lat: from n/a through <= 1.0.19...

CVSS 8.5, AI score 5.8, EPSS 0.00228
Exploits: 0, References: 2
EUVD
added 2026/03/13 9:31 p.m., 4 views

EUVD-2026-11848

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection. This issue affects Booking Calendar: from n/a through <= 10.14.15...

CVSS 7.6, AI score 5.8, EPSS 0.00291
Exploits: 0, References: 2
EUVD
added 2026/03/13 9:31 p.m., 6 views

EUVD-2026-11744

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

CVSS 9.2, AI score 5.9, EPSS 0.00305
Exploits: 0, References: 4
EUVD
added 2026/03/13 9:31 p.m., 3 views

EUVD-2026-11707

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

CVSS 8.5, AI score 6, EPSS 0.00317
Exploits: 0, References: 4
EUVD
added 2026/03/13 8:50 p.m., 9 views

EUVD-2026-12138

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

CVSS 7.7, AI score 6.2, EPSS 0.00299
Exploits: 1, References: 2
Vulnrichment
added 2026/03/13 8:50 p.m., 6 views

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

CVSS 7.7, AI score 6.2, EPSS 0.00299
Exploits: 1, References: 2
Cvelist
added 2026/03/13 8:50 p.m., 30 views

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

CVSS 7.7, EPSS 0.00299
Exploits: 1, References: 2
Github Security Blog
added 2026/03/13 8:0 p.m., 6 views

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

CVSS 9.9, AI score 6.7, EPSS 0.00603
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/03/13 8:0 p.m., 6 views

EUVD-2026-11719

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...

CVSS 9.9, AI score 5.9, EPSS 0.00603
Exploits: 1, References: 2