Lucene search
K

235496 matches found

CVE
CVE
added yesterday11 views

CVE-2026-15043

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

9.8CVSS6.1AI score0.00184EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday7 views

CVE-2026-15043 DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

0.00184EPSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-15183

The CVE concerns the Snowflake Spark Connector (spark-snowflake) prior to version 3.2.1, where multiple input-validation issues enable attackers to exfiltrate OAuth client credentials, run arbitrary SQL under the connector’s Snowflake role, or redirect COPY operations to attacker-controlled stora...

9.2CVSS6.3AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43644

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS6.3AI score0.00208EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday75 views

WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection

WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/o...

7.2CVSS7AI score0.0654EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday85 views

Fujian Kelixin Communication - Command Injection

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwdupdate.php. id: CVE-2024-2621 info: name: Fujian Kelixin Communication - Command...

9.8CVSS6.5AI score0.0194EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday25 views

NetMRI Unauthenticated SQL Injection via skipjackUsername

An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. id: CVE-2025-32814 info: name: NetMRI Unauthenticated SQL Injection via skipjackUsername author: iamnoooob,pdresearch severity: critical description: | An issue was discovered in Infoblox NETMRI befo...

9.8CVSS7AI score0.37474EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday57 views

WeiPHP 5.0 - SQL Injection

WeiPHP 5.0 contains a SQL injection vulnerability via the wpwhere function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-20300 info: name: WeiPHP 5.0 - SQL...

9.8CVSS7.1AI score0.08752EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday46 views

Subscribe to Category <= 2.7.4 - SQL Injection

The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...

9.3CVSS7.2AI score0.01646EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday119 views

Piwigo 13.7.0 - SQL Injection

Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...

9.8CVSS7.2AI score0.97405EPSS
Exploits21References5
Nuclei
Nuclei
added yesterday36 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS6.7AI score0.03766EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

Mingsoft MCMS 5.2.9 - SQL Injection

Mingsoft MCMS v5.2.9 contains a SQL injection caused by unsanitized categoryType parameter at /content/list.do, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2023-50578 info: name: Mingsoft MCMS 5.2.9 - SQL Injection author: ritikchaddha severity:...

9.8CVSS7.2AI score0.02222EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday23 views

WordPress GamiPress <= 2.5.7 - SQL Injection

The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv$fieldid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.8CVSS7AI score0.0257EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday10 views

LogDash Activity Log <= 1.1.3 - SQL Injection

The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

5.4CVSS6.1AI score0.00748EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday123 views

ECTouch v2 - SQL Injection

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...

9.8CVSS7.1AI score0.04109EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday121 views

Wordpress Gift Cards <= 4.3.1 - SQL Injection

The Gift Cards Gift Vouchers and Packages WordPress Plugin, version = 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgvdoajaxvoucherpdfsavefunc action. id: CVE-2023-28662 info: name: Wordpress Gift Cards = 4.3.1 - SQL Injection author: xxcd...

9.8CVSS7AI score0.42186EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday27 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.2AI score0.01977EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday79 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.2AI score0.87688EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday104 views

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

8.8CVSS7.1AI score0.05141EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday49 views

404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection

The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. id: CVE-2015-9323 info: name: 404 to 301 = 2.0.2 - Authenticated Blind SQL Injection author: Harsh severity: critical description: | The 404 to 301 –...

9.8CVSS7AI score0.46125EPSS
Exploits4References5
Rows per page
Query Builder