Lucene search
K

862 matches found

Nuclei
Nuclei
added 8 hours ago38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS6.1AI score0.01317EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-15287

The CVE-2026-15287 entry affects the rtMedia plugin for WordPress, BuddyPress and bbPress. It describes a time-based SQL Injection via the order_by parameter in all versions up to and including 4.6.18, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Auth...

6.5CVSS6AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-59257

This CVE affects n8n before 1.123.61 and 2.x before 2.27.4, specifically the legacy MySQL v1 node’s executeQuery operation. The root cause is that evaluated {{ ... }} expression values are substituted directly into the raw SQL string without parameterization, enabling SQL injection when a workflo...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42163

The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventerverificationcode user meta field when a user requests a password reset. The plaintext key...

9.8CVSS6AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 5:45 a.m.36 views

CVE-2026-14799 CodeAstro Ecommerce Website my_account.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. Impacted is an unknown function of the file /customer/myaccount.php?mywishlist. The manipulation of the argument deletewishlist results in sql injection. The attack can be launched remotely. The exploit has been released to t...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 8:30 a.m.8 views

EUVD-2026-41739

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 1:15 a.m.10 views

EUVD-2026-41711

A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.11 views

PT-2026-55797

Name of the Vulnerable Software and Affected Versions mjperpinosa stumasy versions up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Description A remote SQL injection is possible due to improper manipulation of the field name argument within the Notes controller::search scratch data function locate...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References9
CVE
CVE
added 2026/07/04 5:45 p.m.14 views

CVE-2026-14638

Summary of the CVE-2026-14638 : A flaw exists in itsourcecode Hospital Management System 1.0, affecting an unknown function in the file /patient.php. Manipulation of the argument editid enables a possible SQL injection . The attack surface is described as remote, and the exploit has been publishe...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.8 views

CVE-2026-57667

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

8.5CVSS5.8AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 9:0 a.m.16 views

CVE-2026-52712

CVE-2026-52712 affects the WordPress Attendance Manager plugin version &lt;= 0.6.2 and is described as a Subscriber SQL Injection vulnerability. The initial documents cite a CVSSv3.1 base score of 7.6 (High) with network attack vector, low attack complexity, and high confidentiality impact, but d...

7.6CVSS5.7AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:2 p.m.8 views

EUVD-2016-10897

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49390

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 12:31 a.m.15 views

EUVD-2026-36360

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

9.3CVSS5.6AI score0.0039EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/11 12:0 a.m.9 views

Security update for cacti, cacti-spine (critical)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0033-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...

9.1CVSS5.9AI score0.54024EPSS
Exploits20References11
EUVD
EUVD
added 2026/06/08 7:30 p.m.15 views

EUVD-2026-35198

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47269

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search staff for deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed t...

6.5CVSS6.4AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47246

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS5.4AI score0.00275EPSS
Exploits0References7
CVE
CVE
added 2026/06/06 3:15 p.m.30 views

CVE-2026-11435

The vulnerability CVE-2026-11435 affects Jinher OA 1.0, specifically the nextselectplan.aspx file. The issue stems from manipulating the httpOID argument, enabling a SQL injection. It is a network-accessible flaw with LOW confidentiality, integrity, and availability impacts per the CVSS, and has ...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder