Lucene search
K

216701 matches found

EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11916

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11863

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through = 1.0.19...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11848

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through = 10.14.15...

7.6CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11744

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 9:31 p.m.3 views

EUVD-2026-11707

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

8.5CVSS6AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/13 8:50 p.m.9 views

EUVD-2026-12138

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS6.2AI score0.00299EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/13 8:50 p.m.6 views

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS6.2AI score0.00299EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/13 8:50 p.m.30 views

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS0.00299EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/13 8:0 p.m.6 views

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/13 8:0 p.m.6 views

EUVD-2026-11719

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2026/03/13 8:0 p.m.3 views

GHSA-P5G2-JM85-8G35 OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4
NVD
NVD
added 2026/03/13 7:55 p.m.4 views

CVE-2026-32458

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through = 1.0.8.7...

7.6CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:55 p.m.3 views

CVE-2026-32459

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...

8.5CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:55 p.m.5 views

CVE-2026-32433

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...

8.5CVSS0.00225EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:55 p.m.4 views

CVE-2026-32422

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

7.6CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32399

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32368

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through = 1.0.19...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.8 views

CVE-2026-32366

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-32365

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through = 3.0.7...

8.5CVSS0.00272EPSS
Exploits0References1
Rows per page
Query Builder