Lucene search
K

216716 matches found

EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19784

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

8.8CVSS5.9AI score0.00331EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.9 views

EUVD-2019-19806

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.2 views

EUVD-2019-19778

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS5.9AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19772

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arackategoriid parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00367EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19782

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...

8.8CVSS5.9AI score0.00369EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19802

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

8.8CVSS5.9AI score0.00287EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.6 views

EUVD-2019-19788

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

8.8CVSS5.9AI score0.00512EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19766

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2019-19811

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS5.9AI score0.00284EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/12 6:30 p.m.10 views

EUVD-2019-19813

Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authenticatio...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 6:16 p.m.4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS6.1AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2026/03/12 6:16 p.m.7 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

8.8CVSS0.00453EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 5:53 p.m.27 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS0.00418EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/12 5:53 p.m.2 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:53 p.m.3 views

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/12 5:53 p.m.5 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/12 5:53 p.m.5 views

EUVD-2026-11647

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 5:53 p.m.19 views

CVE-2026-32137

CVE-2026-32137: Dataease prior to 2.10.20 is vulnerable to SQL injection in the /de2api/datasource/previewData endpoint via a directly concatenated tableName parameter. The table name is user-controllable and is not filtered or parameterized, enabling injection into the SQL statement. The issue a...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2026/03/12 5:47 p.m.120 views

web-vulnerability-scanner

web-vulnerability-scanner Pyth...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/12 4:37 p.m.3 views

GHSA-C442-97QW-J6C6 Parse Server has a SQL injection via query field name when using PostgreSQL

Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References5
Rows per page
Query Builder