Lucene search
K

234701 matches found

Cvelist
Cvelist
added 2026/03/27 4:13 p.m.24 views

CVE-2026-33770 AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

7.1CVSS0.00492EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.2 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

7.1CVSS6AI score0.00492EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:12 p.m.2 views

CVE-2026-33767

WWBN AVideo is an open source video platform. In versions up to and including 26.0, in objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder ? for usersid but directly concatenates $this-videosid into the query string without parameterization. An...

7.1CVSS6AI score0.00509EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/27 4:12 p.m.18 views

CVE-2026-33767

CVE-2026-33767 – AVideo (WWBN) SQL Injection via partial prepared statement Affected: WWBN AVideo

8.8CVSS6AI score0.00509EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/27 3:30 p.m.3 views

EUVD-2026-16656

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/27 3:30 p.m.3 views

EUVD-2026-16630

A security vulnerability has been detected in mingSoft MCMS 迄 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2026-16654

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/27 3:30 p.m.5 views

EUVD-2026-16634

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 3:17 p.m.3 views

CVE-2026-4956

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS0.00318EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 3:17 p.m.8 views

CVE-2026-4955

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 3:17 p.m.9 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS0.00192EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 3:16 p.m.7 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS0.01929EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/27 3:16 p.m.3 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.7AI score0.01929EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 3:16 p.m.4 views

UBUNTU-CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:52 p.m.1 views

CVE-2026-4956

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS5.8AI score0.00318EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/27 2:52 p.m.26 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS0.00318EPSS
Exploits0References4
CVE
CVE
added 2026/03/27 2:52 p.m.15 views

CVE-2026-4956

A CVE for Shenzhen Ruiming Technology Streamax Crocus 1.3.44 affecting the Parameter Handler’s DevicePrint.do?Action=ReadTask function. The vulnerability arises from manipulation of the State argument, leading to SQL injection. It is exploitable remotely and the exploit is public. The CVE notes n...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 2:52 p.m.4 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 2:51 p.m.3 views

CVE-2026-4955 Shenzhen Ruiming Technology Streamax Crocus OperateStatistic.do sql injection

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:51 p.m.2 views

CVE-2026-4955

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder