2119 matches found

CNNVD
added 2026/03/25 12:0 a.m., 8 views

WordPress plugin Deston security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 8.1, AI score 5.8, EPSS 0.00512
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:0 a.m., 9 views

WordPress plugin NaturaLife Extensions security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.1, AI score 5.8, EPSS 0.00403
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:0 a.m., 6 views

WordPress plugin Moments security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.1, AI score 5.8, EPSS 0.00403
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:0 a.m., 5 views

WordPress plugin LoveDate security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.1, AI score 5.8, EPSS 0.00403
Exploits: 0, References: 1

CNNVD
added 2026/03/25 12:0 a.m., 6 views

WordPress plugin Belfort security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.1, AI score 5.8, EPSS 0.00403
Exploits: 0, References: 1

NVD
added 2026/03/21 4:16 p.m., 6 views

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

CVSS 8.8, EPSS 0.00338
Exploits: 1, References: 4

CVE
added 2026/03/21 3:30 p.m., 11 views

CVE-2019-25576

CVE-2019-25576 affects Kepler Wallpaper Script 1.1 and is described as an SQL injection in the category parameter. An unauthenticated attacker can send GET requests with URL-encoded SQL UNION statements to retrieve data such as usernames, database names, and MySQL version details. The connected s...

CVSS 8.8, AI score 6.2, EPSS 0.00338
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2026/03/21 12:0 a.m., 5 views

PT-2026-26924

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

CVSS 8.8, AI score 6.2, EPSS 0.00338
Exploits: 1, References: 5

Vulnrichment
added 2026/03/20 10:31 a.m., 3 views

CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVSS 8.6, AI score 6.1, EPSS 0.00401
Exploits: 1, References: 3

NVD
added 2026/03/20 5:16 a.m., 8 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

CVSS 8.8, EPSS 0.00878
Exploits: 1, References: 3

EUVD
added 2026/03/20 4:14 a.m., 4 views

EUVD-2026-13543

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user even the...

CVSS 8.6, AI score 6.3, EPSS 0.00878
Exploits: 1, References: 3

Cvelist
added 2026/03/19 6:41 a.m., 25 views

CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion. This issue affects Tripgo: from n/a through 1.5.6...

CVSS 8.1, EPSS 0.00344
Exploits: 0, References: 1

Vulnrichment
added 2026/03/18 5:21 p.m., 3 views

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

CVSS 7, AI score 5.8, EPSS 0.00325
Exploits: 1, References: 3

Github Security Blog
added 2026/03/16 9:19 p.m., 13 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Summary: The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements (safe storage), but are later read back and...

CVSS 8, AI score 6.1, EPSS 0.00279
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/03/16 4:34 p.m., 3 views

GHSA-49G7-2WW7-3VF5 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Summary: The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glancesduckdb/init.py was not included in this fix...

CVSS 7, AI score 5.9, EPSS 0.00325
Exploits: 1, References: 5

CNNVD
added 2026/03/16 12:0 a.m., 8 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

CVSS 9.8, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 1

CVE
added 2026/03/13 11:42 a.m., 9 views

CVE-2026-32426

The CVE-2026-32426 entry describes a Local File Inclusion (LFI) vulnerability in the WordPress plugin Medilazar Core (themelexus) prior to version 1.4.7. The root cause is improper control of the filename for include/require in PHP, effectively enabling LFI. Affected software: Medilazar Core

CVSS 7.5, AI score 5.8, EPSS 0.00381
Exploits: 0, References: 1

CNNVD
added 2026/03/13 12:0 a.m., 7 views

WordPress plugin WpBookingly security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5, AI score 5.8, EPSS 0.00381
Exploits: 0, References: 1

CNNVD
added 2026/03/13 12:0 a.m., 6 views

WordPress plugin Medilazar Core security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5, AI score 5.8, EPSS 0.00381
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/10 9:46 p.m., 3 views

CVE-2026-31830

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...

CVSS 7.5, AI score 5.8, EPSS 0.00217
Exploits: 0, References: 2, Affected Software: 1