Lucene search
K

234691 matches found

Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29112

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin costumer.php of the component Parameter Handler. Such manipulation of the argument cos id leads to sql injection. The attack can be launched remotely...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29111

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/30 12:0 a.m.24 views

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

0.00192EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 12:0 a.m.9 views

CVE-2026-33643

CVE-2026-33643 affects SchemaHero 0.23.0 with a SQL Injection flaw in the MySQL plugin path: the column.go processing in plugins/mysql/lib/column.go improperly handles the column parameter, allowing malicious input to alter table schema. Connected sources also describe similar risks in the Postgr...

7.4CVSS6AI score0.00192EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.1 views

CVE-2026-33643

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go...

7.4CVSS6AI score0.00192EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.3 views

PT-2026-29101

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

7.5CVSS6.8AI score0.00326EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.1 views

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

7.4CVSS6AI score0.00192EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.3 views

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

6AI score0.00192EPSS
Exploits1References2
Grafana
Grafana
added 2026/03/30 12:0 a.m.10 views

RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.6AI score0.01929EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

Tautulli SQL注入漏洞

Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli from 2.14.2 to 2.17.0 had a SQL injection vulnerability. This vulnerability stemmed from the /api/v2?cmd=gethomestats endpoint not properly parameterizing its parameters, which coul...

4.9CVSS5.9AI score0.004EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/03/30 12:0 a.m.120 views

📄 Ghost CMS 6.19.0 SQL Injection

Ghost CMS versions 3.24.0 through 6.19.0 suffer from a remote SQL injection vulnerability via the content API. Exploit Title: Ghost CMS Unauthenticated SQLi via Content API Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =...

9.4CVSS6AI score0.69996EPSS
Exploits7
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.7 views

Code-Projects Accounting System SQL注入漏洞

Code-Projects Accounting System is an accounting system open sourced by Code-Projects. Version 1.0 of Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter cosid in the file/viewincostumer.php of the Component Paramete...

7.5CVSS7.2AI score0.00318EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

yudao-cloud SQL注入漏洞

Yudao-Cloud is a backend management system developed by YunaiV as an individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in files such as admin-api/system/mail-log/page, where the...

5.8CVSS5.9AI score0.00253EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.3 views

Spring AI 1.0.x < 1.0.4 / 1.1.x < 1.1.3 Multiple Vulnerabilities

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.4 or 1.1.x prior to 1.1.3. It is, therefore, affected by multiple vulnerabilities: - A JSONPath injection vulnerability in AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access...

8.8CVSS6.2AI score0.00522EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in...

9.1CVSS6.4AI score0.01929EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.5 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS5.8AI score0.00345EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/03/29 10:0 p.m.253 views

Exploit for SQL Injection in Ghost

CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...

9.4CVSS6AI score0.69996EPSS
Exploits7
Anthropic
Anthropic
added 2026/03/29 8:43 p.m.12 views

ANT-2026-H5T8XKWR · TryGhost/Ghost · sql-injection

sql-injection critical GHSA-w52v-v783-gw97 Severity Claude critical · Security research firm - · Maintainer critical Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-H5T8XKWR: SQL injection in Content API The Ghost Content API...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.3 views

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.5 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References1
Rows per page
Query Builder