Lucene search
K

216711 matches found

CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin wpDiscuz SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin WOLF SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

7.6CVSS5.9AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25205

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through = 10.14.15...

7.6CVSS5.8AI score0.00291EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25139

wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation key, subscription date, and imported from parameters to manipulat...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin UpsellWP SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.5CVSS5.9AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

WordPress plugin Collapsing Categories SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.5CVSS5.9AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.3 views

PT-2026-25175

🟠 CVE-2026-31922 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a t... https://t.co/i55zYaF4a0 https://t.co/ETGiZLQdSM...

8.5CVSS5.8AI score0.00215EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin Geo to Lat SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

8.5CVSS5.9AI score0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 9:27 p.m.2 views

CVE-2026-32306

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...

9.9CVSS6.4AI score0.00603EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/12 9:27 p.m.27 views

CVE-2026-32306

CVE-2026-32306 affects OneUptime prior to 10.0.23. The telemetry aggregation API interpolates user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName into ClickHouse queries via .append() with no allowlist, parameterized binding, or input validation. An authentica...

9.9CVSS6.6AI score0.00603EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/12 9:7 p.m.8 views

CVE-2026-25076

Technical details about CVE-2026-25076 are not publicly provided in the supplied documents; monitor for updates.

8.5CVSS6.1AI score0.00317EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/12 9:7 p.m.4 views

CVE-2026-25076 Anchore Enterprise GraphQL Reports API SQL injection

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

8.5CVSS6.1AI score0.00317EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/12 9:7 p.m.3 views

CVE-2026-25076

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

8.5CVSS6AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 6:30 p.m.7 views

EUVD-2019-19815

Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.5 views

EUVD-2019-19821

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

8.8CVSS6.1AI score0.00315EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.5 views

EUVD-2019-19819

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...

8.8CVSS5.9AI score0.00254EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19810

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL...

8.8CVSS5.9AI score0.00401EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19784

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

8.8CVSS5.9AI score0.00331EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.9 views

EUVD-2019-19813

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authenticatio...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.9 views

EUVD-2019-19806

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
Rows per page
Query Builder