Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

233030 matches found

Vulnrichment
Vulnrichmentadded 2026/05/27 7:56 a.m.4 views

CVE-2026-40835 Authenticated SQLi in saveObjectFromData function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00039EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:55 a.m.9 views

EUVD-2026-32133

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:55 a.m.5 views

CVE-2026-40834

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS
Exploits0References2Affected Software4
CVE
CVEadded 2026/05/27 7:55 a.m.8 views

CVE-2026-40834

CVE-2026-40834 describes an unauthenticated SQL injection in the saveDashboardLayout function of dash_layout.php. A low-privileged remote attacker can trigger the vulnerability over the network to read the entire database and insert entries into a non-critical table, resulting in total loss of co...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:55 a.m.25 views

CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00039EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:55 a.m.8 views

CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:55 a.m.7 views

CVE-2026-40833

CVE-2026-40833 describes an unauthenticated SQL Injection in the saveDashboardLayout function of dash.php, allowing a low-privileged, remote attacker to read the entire database and insert data into a non-critical table. The issue arises from improper neutralization of user-supplied elements in a...

7.1CVSS6AI score0.00039EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:55 a.m.24 views

CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:55 a.m.4 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.00458EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/27 7:55 a.m.18 views

CVE-2026-8054

dotCMS Core versions 25.11.04-1 to 26.04.28-02 contain an SQL injection in the Publish Audit API (/api/auditPublishing/get and /api/auditPublishing/getAll). The endpoints did not require authentication and used unsanitized input in dynamically constructed SQL, allowing remote unauthenticated atta...

10CVSS6.1AI score0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:54 a.m.6 views

CVE-2026-40832

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00039EPSS
Exploits0References2Affected Software4
Cvelist
Cvelistadded 2026/05/27 7:54 a.m.23 views

CVE-2026-40832 Authenticated SQLi in getDevicegroups function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00039EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:54 a.m.7 views

CVE-2026-40831

CVE-2026-40831 affects Easy View and describes an unauthenticated SQL injection due to improper neutralization of special elements in a SQL SELECT command. A low-privilege remote attacker can exploit this to achieve total confidentiality loss. The connected sources confirm the vulnerability langu...

7.1CVSS5.9AI score0.00039EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:54 a.m.6 views

CVE-2026-40831 Authenticated SQLi in Easy View

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00039EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 7:54 a.m.7 views

EUVD-2026-32159

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:53 a.m.10 views

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References2Affected Software4
EUVD
EUVDadded 2026/05/27 7:53 a.m.8 views

EUVD-2026-32158

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:53 a.m.5 views

CVE-2026-40829 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00043EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 7:53 a.m.23 views

CVE-2026-40829 Authenticated SQLi in UpdateParam function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS0.00043EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:53 a.m.10 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00043EPSS
Exploits0References1
Rows per page
Query Builder