Lucene search
K

234705 matches found

Cvelist
Cvelist
added 2026/03/27 2:52 p.m.26 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 2:52 p.m.4 views

CVE-2026-4956 Shenzhen Ruiming Technology Streamax Crocus Parameter DevicePrint.do sql injection

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 2:51 p.m.3 views

CVE-2026-4955 Shenzhen Ruiming Technology Streamax Crocus OperateStatistic.do sql injection

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:51 p.m.2 views

CVE-2026-4955

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/27 2:51 p.m.28 views

CVE-2026-4955 Shenzhen Ruiming Technology Streamax Crocus OperateStatistic.do sql injection

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.3 views

CVE-2021-27124

SQL injection in the expertise parameter in searchresult.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack...

6.5CVSS6.7AI score0.05721EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.6 views

CVE-2021-27320

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter...

7.5CVSS7.9AI score0.09299EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.8 views

CVE-2021-27319

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...

7.5CVSS7.9AI score0.07826EPSS
Exploits3References1
AlpineLinux
AlpineLinux
added 2026/03/27 2:24 p.m.5 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS7.1AI score0.01929EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/27 2:24 p.m.5 views

CVE-2026-27876 RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 2:24 p.m.0 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the sqlExpressions feature. An attacker can execute unauthorized commands on the system by chaining SQL Expressions with plugin functionality. Remediation Upgrade github.com/grafana/grafana/pkg/expr/sql to version...

9.1CVSS6AI score0.01929EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:24 p.m.5 views

CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 2:24 p.m.31 views

CVE-2026-27876 RCE on Grafana via sqlExpressions

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS0.01929EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 2:24 p.m.97 views

CVE-2026-27876

Grafana (OSS) is affected when the sqlExpressions feature toggle is enabled, enabling a chained attack against a Grafana Enterprise plugin that can lead to remote arbitrary code execution (RCE). Affected ranges and fixes are: 11.6.0–11.6.14 (fix in 11.6.14); 12.0.0–12.1.10 (fix in 12.1.10; 12.0 i...

9.1CVSS6.5AI score0.01929EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.11 views

CVE-2021-27672

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

4.9CVSS7.8AI score0.01327EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.11 views

CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...

8.8CVSS8.1AI score0.04201EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.12 views

CVE-2021-27948

SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...

7.2CVSS8.2AI score0.009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.8 views

CVE-2021-27999

A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...

4.9CVSS7.9AI score0.00841EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 2:8 p.m.3 views

CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 2:8 p.m.10 views

CVE-2026-33755

Group-Office (enterprise CRM/groupware) has an authenticated SQL Injection in the JMAP Contact/query endpoint affecting versions before 6.8.158, 25.0.92, and 26.0.17. An authenticated user with basic addressbook access can extract arbitrary data from the database, including active session tokens ...

8.8CVSS6.1AI score0.00387EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder