Lucene search
K

234690 matches found

VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...

9.3CVSS5.9AI score0.01308EPSS
In wildExploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Code-Projects Student Membership System SQL注入漏洞

Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from unknown issues in the user registration processing program,...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29408

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

6.5CVSS6AI score0.0036EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

SourceCodester Teacher Record System SQL注入漏洞

The SourceCodester Teacher Record System is an open-source teacher record system developed by SourceCodester. Version 1.0 of the SourceCodester Teacher Record System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the 'searchteacher' parameter, which may le...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

Code-Projects Student Membership System SQL注入漏洞

The Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters username and password in...

7.5CVSS7.2AI score0.00344EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29407

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29216

A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/30 9:31 p.m.3 views

EUVD-2026-17216

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/30 7:45 p.m.1 views

CVE-2026-5150

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/30 7:45 p.m.10 views

CVE-2026-5150

CVE-2026-5150 affects code-projects Accounting System 1.0, specifically the Parameter Handler’s handling of cos_id in the file /viewin_costumer.php. The issue allows manipulation of cos_id leading to an SQL injection, with the attack possible remotely and the exploit publicly disclosed. The avail...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/30 7:45 p.m.3 views

CVE-2026-5148

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/30 7:45 p.m.1 views

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/30 7:45 p.m.21 views

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/03/30 7:45 p.m.7 views

CVE-2026-5148

CVE-2026-5148 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in the /admin-api/system/mail-log/page path, caused by manipulation of the toMail argument that leads to SQL injection. It can be triggered remotely; a public exploit is available. The vendor was contacted early but di...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/30 7:42 p.m.4 views

EUVD-2026-17206

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/30 7:42 p.m.3 views

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/30 7:42 p.m.22 views

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS0.004EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 7:42 p.m.14 views

CVE-2026-31799

CVE-2026-31799 affects Tautulli (Python-based Plex monitor) where the /api/v2?cmd=get_home_stats endpoint passes query parameters (section_id, user_id, before, after) directly into SQL via Python %-string formatting without parameterization, from versions 2.14.2–2.16.x (before 2.17.0) for certain...

4.9CVSS5.9AI score0.004EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/30 7:18 p.m.8 views

EUVD-2026-16756

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin...

8.7CVSS6AI score0.00318EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 7:18 p.m.6 views

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.8CVSS6AI score0.00318EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder