Lucene search: 234715 matches found

CNNVD
added 2026/03/27 12:0 a.m. · 5 views

WWBN AVideo SQL injection vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contain a SQL injection vulnerability. It stems from the getLike method in objects/like.php, which appends the videos_id value directly to the SQL que...

CVSS 8.8 · AI score 5.8 · EPSS 0.00509
Exploits: 1 · References: 2
Positive Technologies
added 2026/03/27 12:0 a.m. · 4 views

PT-2026-28673

Vulnerable software and affected versions: Shenzhen Ruiming Technology Streamax Crocus versions up to 1.3.44
Description: A security issue exists in Shenzhen Ruiming Technology Streamax Crocus. The issue involves a SQL injection affecting an unknown function within the /RemoteFormat.do...

CVSS 7.5 · AI score 5.6 · EPSS 0.00259
Exploits: 0 · References: 9
CNNVD
added 2026/03/27 12:0 a.m. · 12 views

Code-Projects Social Networking Site SQL injection vulnerability

Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 has a SQL injection vulnerability. It arises from incorrect handling of the ID parameter in the file deletephotos.php, whic...

CVSS 6.5 · AI score 6.5 · EPSS 0.00192
Exploits: 0 · References: 6
CNNVD
added 2026/03/27 12:0 a.m. · 9 views

MingSoft MCMS security vulnerability

MingSoft MCMS is a fully open-source J2EE system developed by MingSoft Corporation. MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities. They stem from improper handling in the net/mingsoft/cms/action/web/ContentAction.java file, which may lead to SQL...

CVSS 6.5 · AI score 6.7 · EPSS 0.00192
Exploits: 0 · References: 4
Positive Technologies
added 2026/03/27 12:0 a.m. · 4 views

PT-2026-28627

Vulnerable software and affected versions: Fleet versions prior to 4.81.0
Description: Fleet is open source device management software susceptible to a SQL injection issue in its MDM bootstrap package configuration. An authenticated user possessing Team Admin or Global Admin privileges...

CVSS 8.8 · AI score 6 · EPSS 0.60368
Exploits: 18 · References: 46
Positive Technologies
added 2026/03/27 12:0 a.m. · 3 views

PT-2026-28626

Vulnerable software and affected versions: Fleet versions prior to 4.81.0
Description: Fleet is open source device management software susceptible to a second-order SQL injection in its Apple MDM profile delivery pipeline. An attacker possessing a valid MDM enrollment certificate could...

CVSS 8.8 · AI score 5.9 · EPSS 0.08123
Exploits: 7 · References: 45
CNNVD
added 2026/03/27 12:0 a.m. · 9 views

SourceCodester Online Food Ordering System security vulnerability

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 contains a security vulnerability. It arises from the saveuser operation in the Actions.php file,...

CVSS 8.8 · AI score 5.9 · EPSS 0.00446
Exploits: 1 · References: 1
FreeBSD
added 2026/03/27 12:0 a.m. · 7 views

Grafana -- RCE on Grafana via sqlExpressions

https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to remote arbitrary code execution (RCE). This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avo...

CVSS 9.1 · AI score 6.6 · EPSS 0.01929
Exploits: 0 · References: 1
RedhatCVE
added 2026/03/26 11:4 p.m. · 3 views

CVE-2026-4825

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. It affects an unknown part of the file /updatesales.php in the HTTP GET Parameter Handler component. Manipulation of the argument sid results in SQL injection. The attack may be launched remotely. The exploit has be...

CVSS 6.5 · AI score 6.4 · EPSS 0.00303
Exploits: 1 · References: 1
RedhatCVE
added 2026/03/26 11:3 p.m. · 4 views

CVE-2026-33909

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

CVSS 5.9 · AI score 6 · EPSS 0.0033
Exploits: 0 · References: 1
RedhatCVE
added 2026/03/26 11:3 p.m. · 5 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On the default SQLite DB, single statements can be manipulate...

CVSS 8.7 · AI score 6 · EPSS 0.00423
Exploits: 0 · References: 1
RedhatCVE
added 2026/03/26 11:3 p.m. · 5 views

CVE-2026-33910

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

CVSS 8.8 · AI score 5.8 · EPSS 0.00427
Exploits: 2 · References: 1
Vulnrichment
added 2026/03/26 9:56 p.m. · 3 views

CVE-2026-4900 code-projects Online Food Ordering System localhost.sql privilege escalation

A weakness has been identified in code-projects Online Food Ordering System 1.0. It affects an unknown part of the file /dbfood/localhost.sql. The manipulation makes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...

CVSS 6.9 · AI score 5.6 · EPSS 0.00433
Exploits: 0 · References: 5
EUVD
added 2026/03/26 9:31 p.m. · 8 views

EUVD-2026-16351

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger catastrophic out-of-memory (OOM) exhaustion, crashing the host container...

CVSS 6.5 · AI score 5.8 · EPSS 0.00434
Exploits: 0 · References: 2
EUVD
added 2026/03/26 9:31 p.m. · 8 views

EUVD-2026-16305

Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...

AI score 5.9 · EPSS 0.00373
Exploits: 1 · References: 4
NVD
added 2026/03/26 9:17 p.m. · 3 views

CVE-2026-33545

MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...

CVSS 6.5 · EPSS 0.00276
Exploits: 1 · References: 3
NVD
added 2026/03/26 9:17 p.m. · 4 views

CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger catastrophic out-of-memory (OOM) exhaustion, crashing the host container...

CVSS 6.5 · EPSS 0.00434
Exploits: 0 · References: 1
Vulnrichment
added 2026/03/26 8:32 p.m. · 3 views

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...

CVSS 5.3 · AI score 6 · EPSS 0.00276
Exploits: 1 · References: 3
OSV
added 2026/03/26 8:32 p.m. · 4 views

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py (lines 542-566) uses Python string formatting (%) to construct SQL queries with table names read from a SQLite database's sqlite_master table. When a security analyst...

CVSS 5.3 · AI score 5.9 · EPSS 0.00276
Exploits: 1 · References: 5
RedHat Linux
added 2026/03/26 8:30 p.m. · 8 views

Django: SQL injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 8.3 · AI score 7.6 · EPSS 0.00754
Exploits: 0 · References: 7
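The three MobSF entries (CVE-2026-33545) and the Django entry above are about SQL identifiers rather than values: a table name pulled from sqlite_master, or a column alias supplied through dictionary expansion. A bound parameter cannot carry an identifier, so the defences are to quote it correctly or to validate it against an allowlist before it reaches the statement. The following is an added example, not MobSF's or Django's code. Part 1 mirrors the readsqlite shape (table names from sqlite_master pasted in with %) against a constructed database that carries a malicious table name; part 2 is an alias validator of the kind a dynamic annotate(**{alias: expr}) needs, whose rules are this example's own and are not Django's implementation. All table, column and row data, the EVIL_TABLE name and the alias rules are assumptions for illustration.

```python
"""Added example; not code from MobSF or Django.

Part 1: second-order identifier injection via a table name read from
sqlite_master, and the quoted-identifier fix.
Part 2: an allowlist check for a dynamic column alias (this example's rules).
All data is constructed.
"""
import re
import sqlite3
import unicodedata

# A table whose name is SQL once it lands unquoted after FROM. Constructed;
# stands in for a database shipped inside an app under analysis.
EVIL_TABLE = "notes UNION SELECT user, token FROM tokens --"


def quote_ident(name: str) -> str:
    """SQLite identifier quoting: wrap in double quotes, double inner quotes."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def make_app_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE notes (id INTEGER, body TEXT)")
    con.execute("CREATE TABLE tokens (user TEXT, token TEXT)")
    # The hostile name is legal when quoted at creation time.
    con.execute("CREATE TABLE %s (a INTEGER, b TEXT)" % quote_ident(EVIL_TABLE))
    con.execute("INSERT INTO notes VALUES (1, 'hello')")
    con.execute("INSERT INTO tokens VALUES ('admin', 'tok-secret')")
    return con


def table_names(con: sqlite3.Connection) -> list:
    return [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]


def dump_vulnerable(con: sqlite3.Connection) -> dict:
    # Second-order injection: the name came from the database being inspected,
    # and '%' formatting makes it part of the statement text.
    return {n: con.execute("SELECT * FROM %s" % n).fetchall()
            for n in table_names(con)}


def dump_fixed(con: sqlite3.Connection) -> dict:
    # Quoted, the same name only ever selects the (empty) table it names.
    return {n: con.execute("SELECT * FROM %s" % quote_ident(n)).fetchall()
            for n in table_names(con)}


# --- Part 2: allowlist for a column alias (this example's rules) ---
ALIAS_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def check_alias(alias: str) -> str:
    # Reject every Unicode control/format character (category C*), which
    # covers the control-character vector the Django entry describes.
    if any(unicodedata.category(c).startswith("C") for c in alias):
        raise ValueError("control character in alias")
    # Then require a bare identifier: no quotes, whitespace, ';' or '--'.
    if not ALIAS_RE.fullmatch(alias):
        raise ValueError("alias is not a bare identifier")
    return alias


def alias_rejected(alias: str) -> bool:
    try:
        check_alias(alias)
    except ValueError:
        return True
    return False


def select_with_alias(con: sqlite3.Connection, alias: str) -> list:
    # Validate first; quoting stays as defence in depth.
    sql = "SELECT body AS %s FROM notes" % quote_ident(check_alias(alias))
    return con.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_app_db()
    print("vulnerable:", dump_vulnerable(db)[EVIL_TABLE])
    print("fixed:", dump_fixed(db)[EVIL_TABLE])
    print("alias ok:", select_with_alias(db, "note_text"))
    print("alias rejected:", alias_rejected('x" FROM tokens --'))
```

Quoting neutralises the quote-based break-out on SQLite; whether a control character survives a given backend's quoting is backend-specific, which is why the allowlist, not the quoting, is the primary control for aliases.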