Lucene search
K

234701 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

9.8CVSS6AI score0.00394EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

7.5CVSS6.8AI score0.00393EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.3 views

SUSE CVE-2026-32750

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.5 views

SUSE CVE-2026-32767

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

9.8CVSS6.2AI score0.00541EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS6AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.12 views

SUSE CVE-2026-33505

Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2CVSS6.2AI score0.00229EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.6 views

PT-2026-28731

Name of the Vulnerable Software and Affected Versions code-projects Simple Food Order System version 1.0 Description A security flaw exists in code-projects Simple Food Order System version 1.0. The issue resides in the Parameter Handler component, specifically within the file /all-tickets.php...

7.5CVSS5.7AI score0.00333EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.4 views

PT-2026-28715

Name of the Vulnerable Software and Affected Versions Sinaptik AI PandasAI versions up to 3.0.0 Description A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is sql query safe function located in the pandasai/helpers/sql sanitizer.py file, allowing f...

6.9CVSS5.7AI score0.0055EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.5 views

PT-2026-28733

Name of the Vulnerable Software and Affected Versions code-projects Simple Food Order System version 1.0 Description A security issue exists in code-projects Simple Food Order System version 1.0 related to SQL injection. The issue is located in the all-orders.php file within the Parameter Handler...

7.5CVSS5.9AI score0.00449EPSS
Exploits1References9
VulnCheck KEV
VulnCheck KEV
added 2026/03/28 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-21643

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

9.8CVSS7.5AI score0.94085EPSS
In wildExploits1References17
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.11 views

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability. This vulnerability stems from an unknown function in the Component Parameter Handler’s fi...

9.8CVSS7.1AI score0.00333EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.10 views

PT-2026-28732

Name of the Vulnerable Software and Affected Versions Simple Food Order System version 1.0 Description A flaw exists in Simple Food Order System 1.0 related to the handling of parameters. Specifically, manipulating the Name argument can lead to SQL injection. This issue affects an unknown functio...

7.5CVSS5.8AI score0.00345EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.6 views

PT-2026-28714

Name of the Vulnerable Software and Affected Versions Sinaptik AI PandasAI versions up to 0.1.4 Description A SQL injection issue exists in the pandasai-lancedb Extension within Sinaptik AI PandasAI. The issue is located in the file extensions/ee/vectorstores/lancedb/pandasai lancedb/lancedb.py a...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.9 views

PandasAI 路径遍历漏洞

PandasAI is a Python library that integrates artificial intelligence functions into pandas, making data frames interactive. Versions of PandasAI 3.0.0 and earlier contained a path traversal vulnerability, which was caused by incorrect operations on the issqlquerysafe function, potentially leading...

6.9CVSS6.1AI score0.0055EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 11:17 p.m.5 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS0.00392EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.6 views

CVE-2026-33153

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...

8.7CVSS6AI score0.00446EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.4 views

CVE-2026-33504

Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens ar...

7.2CVSS6.2AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.7 views

CVE-2026-4900

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...

6.9CVSS5.8AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2CVSS6AI score0.00252EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/27 10:41 p.m.160 views

penetration-testing-reports

penetration-testing-reports A collection of penetration testin...

6AI score
Exploits0
Rows per page
Query Builder