
216737 matches found

NVD
added 2026/03/11 7:16 p.m., 3 views

CVE-2026-31877

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

CVSS 9.8, EPSS 0.00285
Exploits: 0, References: 1
NVD
added 2026/03/11 7:16 p.m., 5 views

CVE-2019-25486

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract...

CVSS 8.8, EPSS 0.00334
Exploits: 0, References: 3
OSV
added 2026/03/11 7:10 p.m., 2 views

CVE-2026-31896 WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query...

CVSS 9.8, AI score 6.1, EPSS 0.00351
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/11 7:10 p.m., 3 views

CVE-2026-31896

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query...

CVSS 9.8, AI score 6.1, EPSS 0.00351
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2026/03/11 7:10 p.m., 5 views

EUVD-2026-11313

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query...

CVSS 9.8, AI score 6.1, EPSS 0.00351
Exploits: 1, References: 1
Cvelist
added 2026/03/11 7:10 p.m., 27 views

CVE-2026-31896 WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The remover_produto_ocultar.php script uses extract($_REQUEST) to populate local variables and then directly concatenates these variables into a SQL query...

CVSS 9.8, EPSS 0.00351
Exploits: 1, References: 1
Vulnrichment
added 2026/03/11 7:08 p.m., 2 views

CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without...

CVSS 8.8, AI score 5.8, EPSS 0.00387
Exploits: 1, References: 1
Cvelist
added 2026/03/11 7:08 p.m., 27 views

CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without...

CVSS 8.8, EPSS 0.00387
Exploits: 1, References: 1
ATTACKERKB
added 2026/03/11 7:08 p.m., 4 views

CVE-2026-31895

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without...

CVSS 8.8, AI score 5.8, EPSS 0.00387
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/03/11 7:08 p.m., 11 views

CVE-2026-31895

CVE-2026-31895 affects WeGIA (Web gerenciador para instituições assistenciais). Before version 3.6.6, the file html/matPat/restaurar_produto.php is vulnerable to SQL injection because the id_produto parameter from $_GET is directly interpolated into SQL queries without parameterization or sanitiz...

CVSS 8.8, AI score 5.8, EPSS 0.00387
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2026/03/11 7:08 p.m., 2 views

CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in html/matPat/restaurar_produto.php. The id_produto parameter from $_GET is directly interpolated into SQL queries without...

CVSS 8.8, AI score 5.8, EPSS 0.00387
Exploits: 1, References: 3
CVE
added 2026/03/11 6:28 p.m., 13 views

CVE-2026-31877

Frappe (full-stack web framework) contains a SQL injection vulnerability prior to versions 15.84.0 and 14.99.0, exploitable via a specially crafted request to a certain endpoint. The issue can lead to information disclosure with high impact to confidentiality and integrity. The vulnerability is f...

CVSS 9.8, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/03/11 6:28 p.m., 5 views

EUVD-2026-11288

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

CVSS 9.3, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 1
Vulnrichment
added 2026/03/11 6:28 p.m., 2 views

CVE-2026-31877 Frappe SQL Injection due to improper field sanitization

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

CVSS 9.3, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 1
Cvelist
added 2026/03/11 6:28 p.m., 26 views

CVE-2026-31877 Frappe SQL Injection due to improper field sanitization

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

CVSS 9.3, EPSS 0.00285
Exploits: 0, References: 1
CVE
added 2026/03/11 6:23 p.m., 8 views

CVE-2019-25486

CVE-2019-25486 is described as a SQL injection in Varient 1.6.1. An unauthenticated attacker can inject SQL via the user_id parameter in POST requests, bypass authentication, and potentially extract sensitive data. The description does not specify affected products/vendors beyond "Varient 1.6.1,"...

CVSS 8.8, AI score 5.9, EPSS 0.00334
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/11 6:23 p.m., 2 views

CVE-2019-25486

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract...

CVSS 8.8, AI score 5.9, EPSS 0.00334
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2026/03/11 6:16 p.m., 3 views

CVE-2026-31858

Craft is a content management system (CMS). The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

CVSS 8.8, EPSS 0.0035
Exploits: 0, References: 2
NVD
added 2026/03/11 6:16 p.m., 13 views

CVE-2026-31856

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation (e.g., stats.counter). The amount value is...

CVSS 9.8, EPSS 0.00418
Exploits: 0, References: 3
CVE
added 2026/03/11 6:01 p.m., 20 views

CVE-2026-31871

Parse Server has a SQL injection vulnerability in the PostgreSQL storage adapter during Increment operations on nested object fields (dot notation, e.g., stats.counter). The sub-key name is interpolated into SQL literals without escaping, enabling an attacker who can submit REST API write request...

CVSS 9.8, AI score 5.9, EPSS 0.00418
Exploits: 0, References: 3, Affected Software: 1