
8093 matches found

NVD, added yesterday, 6 views

CVE-2026-56841

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8 CVSS
Exploits: 0, References: 1

NVD, added yesterday, 7 views

CVE-2026-50747

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...

9.9 CVSS
Exploits: 0, References: 1

EUVD, added yesterday, 6 views

EUVD-2026-41399

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD, added yesterday, 5 views

CVE-2026-57763

Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions...

6.5 CVSS
Exploits: 0, References: 1

NVD, added yesterday, 5 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5 CVSS
Exploits: 0, References: 1

CVE, added yesterday, 10 views

CVE-2026-57763

CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

ATTACKERKB, added yesterday, 5 views

CVE-2026-57763

Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

Cvelist, added yesterday, 20 views

CVE-2026-57763 WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions...

6.5 CVSS
Exploits: 0, References: 1

EUVD, added yesterday, 5 views

EUVD-2026-41296

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

Nuclei, added yesterday, 38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5 CVSS, 5.8 AI score, 0.01317 EPSS
Exploits: 0, References: 2

Nuclei, added yesterday, 28 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8 CVSS, 6 AI score, 0.01875 EPSS
Exploits: 1, References: 2

Patchstack, added yesterday, 6 views

WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Structured Content versions <= 1.7.0...

6.5 CVSS, 5.8 AI score
Exploits: 0, Affected Software: 1

NVD, added 2 days ago, 6 views

CVE-2026-34105

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php line 15: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8 CVSS, 0.00373 EPSS
Exploits: 0, References: 2

CVE, added 2 days ago, 8 views

CVE-2026-34105

CVE-2026-34105 — Guardian Language-System: The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...

9.8 CVSS, 5.8 AI score, 0.00373 EPSS
Exploits: 0, References: 2

SUSE CVE, added 2 days ago, 4 views

SUSE CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1 CVSS, 5.9 AI score, 0.00137 EPSS
Exploits: 0, References: 3

Cvelist, added 3 days ago, 32 views

CVE-2026-3602 IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...

4.7 CVSS, 0.00161 EPSS
Exploits: 0, References: 1

RedHat Linux, added 3 days ago, 4 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysql_real_escape_string() and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8 CVSS, 5.9 AI score, 0.00319 EPSS
Exploits: 0, References: 6

EUVD, added 3 days ago, 5 views

EUVD-2026-40296

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was...

9.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 0, References: 1

EUVD, added 3 days ago, 6 views

EUVD-2026-40263

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

8.6 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 0, References: 1

NVD, added 4 days ago, 8 views

CVE-2026-13752

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

8 CVSS, 0.00188 EPSS
Exploits: 0, References: 1