Lucene search
K

216733 matches found

CVE
CVE
added 2026/03/12 12:32 a.m.15 views

CVE-2026-3969

CVE-2026-3969 affects FeMiner wms up to 1.0. The vulnerability lies in /wms-master/src/basic/depart/depart_add_bg.php (Basic Organizational Structure Module): manipulating the Name argument enables SQL injection. Attack vector is network with low complexity and no privileges required; remote expl...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24969

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...

8.8CVSS5.9AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-24936

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

7.5CVSS6.9AI score0.00379EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24920

🚨 CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8CVSS6.9AI score0.00379EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.9 views

Hotel-Booking-Script uHotelBooking SQL注入漏洞

Hotel-Booking-Script uHotelBooking is a hotel room reservation management system developed by Hotel-Booking-Script Inc. Hotel-Booking-Script uHotelBooking has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the systempage parameter, which may allow...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24984

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.2 views

PT-2026-24988

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL...

8.8CVSS5.9AI score0.00401EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24987

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

8.8CVSS5.9AI score0.00409EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.2 views

PT-2026-24968

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...

8.8CVSS5.9AI score0.0036EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24985

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00409EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-24977

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...

8.8CVSS5.9AI score0.00451EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 12:0 a.m.4 views

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

6.1AI score0.00453EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

Netartmedia PHP Real Estate Agency SQL注入漏洞

Netartmedia PHP Real Estate Agency is a real estate brokerage management system developed by the Bulgarian company Netartmedia. Version 4.0 of Netartmedia PHP Real Estate Agency has a SQL injection vulnerability. This vulnerability stems from the features parameter, which allows for SQL injection...

8.8CVSS6.1AI score0.00315EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.4 views

PT-2026-24900

A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart add bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.3 views

PT-2026-24979

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...

8.8CVSS6AI score0.00265EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

iScripts ReserveLogic SQL注入漏洞

iScripts ReserveLogic is a reservation management system developed by the American company iScripts. iScripts ReserveLogic has a SQL injection vulnerability, which stems from the jqSearchDestination parameter being susceptible to SQL injections. This vulnerability could allow unauthenticated...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.5 views

202CMS SQL注入漏洞

202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...

8.8CVSS5.9AI score0.00415EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.4 views

Netartmedia PHP Business Directory SQL注入漏洞

Netartmedia PHP Business Directory is a commercial directory website system developed by Netartmedia Company in Bulgaria. Version 4.2 of Netartmedia PHP Business Directory has a SQL injection vulnerability. This vulnerability stems from the Email parameters being subject to SQL injections, which...

8.8CVSS5.8AI score0.00304EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.5 views

Xooscripts XooDigital SQL注入漏洞

Xooscripts XooDigital is a software developed by the Xooscripts company. Xooscripts XooDigital has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unauthenticated attackers to manipulate database queries and extract...

8.8CVSS5.8AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.9 views

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the login.php administration panel,...

9.8CVSS5.9AI score0.01089EPSS
Exploits1References2
Rows per page
Query Builder