Lucene search
K

216712 matches found

EUVD
EUVD
added 2026/03/13 8:0 p.m.6 views

EUVD-2026-11719

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2026/03/13 8:0 p.m.3 views

GHSA-P5G2-JM85-8G35 OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4
NVD
NVD
added 2026/03/13 7:55 p.m.4 views

CVE-2026-32458

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through = 1.0.8.7...

7.6CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:55 p.m.3 views

CVE-2026-32459

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...

8.5CVSS0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:55 p.m.5 views

CVE-2026-32433

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...

8.5CVSS0.00225EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:55 p.m.4 views

CVE-2026-32422

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

7.6CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32399

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32368

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through = 1.0.19...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.8 views

CVE-2026-32366

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through = 3.0.9...

8.5CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-32365

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through = 3.0.7...

8.5CVSS0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.2 views

CVE-2026-32358

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through = 10.14.15...

7.6CVSS0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-31922

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through = 1.0.6.3...

8.5CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.9 views

CVE-2026-31917

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...

8.5CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/03/13 7:54 p.m.3 views

CVE-2026-25076

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

8.5CVSS0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-22193

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...

9.2CVSS0.00305EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/13 7:35 p.m.6 views

CVE-2025-36368 IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 7:35 p.m.28 views

CVE-2025-36368 IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

6.5CVSS0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/03/13 12:28 p.m.4 views

BIT-PARSE-2026-31871 Parse Server has a SQL Injection via dot-notation sub-key name in `Increment` operation on PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

9.8CVSS6AI score0.00418EPSS
Exploits0References4
OSV
OSV
added 2026/03/13 12:28 p.m.2 views

BIT-PARSE-2026-31856 Parse Server has a SQL injection via `Increment` operation on nested object field in PostgreSQL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g., stats.counter. The amount value is...

9.8CVSS5.9AI score0.00418EPSS
Exploits0References4
Rows per page
Query Builder