
233691 matches found

NVD
added 2026/05/07 9:16 p.m. | 9 views

CVE-2026-8097

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

CVSS 6.5 | EPSS 0.00036
Exploits: 0 | References: 5

NVD
added 2026/05/07 9:16 p.m. | 9 views

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVSS 7.5 | EPSS 0.00043
Exploits: 0 | References: 5

CVE
added 2026/05/07 8:30 p.m. | 9 views

CVE-2026-8098

code-projects Feedback System 1.0 contains a SQL injection in an unknown function of /admin/checklogin.php triggered by manipulating the email parameter. The flaw can be exploited remotely, with exploits publicly disclosed. No remediation details are provided in the supplied documents.

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/07 8:30 p.m. | 6 views

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/07 8:30 p.m. | 3 views

CVE-2026-8098

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2026/05/07 8:15 p.m. | 29 views

CVE-2026-8097 CodeAstro Online Classroom askquery.php sql injection

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

CVSS 6.5 | EPSS 0.00036
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/07 8:15 p.m. | 6 views

CVE-2026-8097 CodeAstro Online Classroom askquery.php sql injection

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

CVSS 6.5 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/07 8:15 p.m. | 4 views

CVE-2026-8097

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

CVSS 6.5 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/05/07 8:15 p.m. | 16 views

CVE-2026-8097

CVE-2026-8097 affects CodeAstro Online Classroom 1.0. The vulnerability is in unknown code of /askquery.php, where manipulating the squeryx argument enables SQL injection. Exploitation can be performed remotely, and public exploits exist. CVSS-derived metrics in the provided data indicate a MEDIU...

CVSS 6.5 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 5

NVD
added 2026/05/07 7:16 p.m. | 5 views

CVE-2026-8083

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVSS 7.5 | EPSS 0.00043
Exploits: 0 | References: 5

Cvelist
added 2026/05/07 6:15 p.m. | 31 views

CVE-2026-8083 SourceCodester Pharmacy Sales and Inventory System ajax.php save_user sql injection

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVSS 7.5 | EPSS 0.00043
Exploits: 0 | References: 5

CVE
added 2026/05/07 6:15 p.m. | 8 views

CVE-2026-8083

SourceCodester Pharmacy Sales and Inventory System 1.0 contains a SQL injection vulnerability in /ajax.php?action=save_user caused by manipulation of the ID parameter. Exploitation is remote and publicly disclosed. Affects an unknown portion of the application; CVSS metrics indicate high impact o...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/07 6:15 p.m. | 3 views

CVE-2026-8083

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/05/07 6:15 p.m. | 5 views

CVE-2026-8083 SourceCodester Pharmacy Sales and Inventory System ajax.php save_user sql injection

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5

RedHat Linux
added 2026/05/07 5:9 p.m. | 9 views

Django: Django: SQL Injection via RasterField band index parameter

A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...

CVSS 5.4 | AI score 7.3 | EPSS 0.06568
Exploits: 1 | References: 7

RedHat Linux
added 2026/05/07 5:9 p.m. | 6 views

Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()

A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the QuerySet.order_by() method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...

CVSS 5.4 | AI score 7.8 | EPSS 0.00013
Exploits: 1 | References: 7

EUVD
added 2026/05/07 3:38 p.m. | 7 views

EUVD-2026-28377

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3

NVD
added 2026/05/07 3:16 p.m. | 8 views

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.L(fmt.Sprintf("LOWER(%s) LIKE ?", prefix+col)) raw SQL with no...

CVSS 7.1 | EPSS 0.0002
Exploits: 0 | References: 2

Patchstack
added 2026/05/07 2:39 p.m. | 4 views

WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ossacip Thanh in WordPress Plugin eMagicOne Store Manager versions <= 1.3.2...

AI score 5.9 | EPSS 0.00039
Exploits: 0 | Affected Software: 1

NVD
added 2026/05/07 2:16 p.m. | 7 views

CVE-2026-41490

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

CVSS 8.3 | EPSS 0.00059
Exploits: 0 | References: 2