Lucene search
K

5802 matches found

Nuclei
Nuclei
added 9 hours ago77 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
EUVD
EUVD
added yesterday9 views

EUVD-2026-41809

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /apartment-visitor/visitor-entry.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit is...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2 days ago9 views

CVE-2026-14772

CVE-2026-14772 affects SourceCodester Class and Exam Timetabling System 1.0/1.php. The vulnerability is a SQL injection in the edit_course1.php file, triggered by manipulating the ID parameter, indicating an unsafe query construction in that function. The issue is exploitable remotely and the pub...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-14771 SourceCodester Class and Exam Timetabling System edit_exam1.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /editexam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14768

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-14766 CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41760

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/addroom.php. Executing a manipulation of the argument deleteimage/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. T...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-14750 mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notescontroller::accessingdictionaryauthorization of the file application/PHP/objects/notes/accessingdictionaryauthorization.php. The manipulation of the...

7.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41750

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2 days ago10 views

CVE-2026-14743

CVE-2026-14743 affects the code-projects Real State Services 1.0. The vulnerability is a SQL injection in an unknown function of the file /normalHomeSale.php triggered by manipulating the loc argument. Exploitation can be performed remotely, and public exploit code is available. The provided docu...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-14734 SourceCodester Class and Exam Timetabling System edit_product.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editproduct.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41741

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /editcoursea.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be us...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14731 itsourcecode Hospital Management System patientreport.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-14705 code-projects Online Examination head.php sql injection

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-41720

A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/changepassword.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed...

6.5CVSS5.8AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2 days ago5 views

CVE-2026-14692

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-55831

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /paymentdischarge.php endpoint. This occurs when the patientid variable is manipulated, allowing a remote attacker to execute unauthorized...

6.5CVSS6.8AI score0.00204EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-55824

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course1.php file where the manipulation of the ID argument allows for SQL injection. This allows a remote attacker to interfere with the...

7.5CVSS7.1AI score0.00269EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago25 views

CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit is publicly...

7.5CVSS0.00412EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-14648

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function testinput of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to...

7.5CVSS0.00347EPSS
Exploits0References6
Rows per page
Query Builder