CVE-2026-5148 YunaiV yudao-cloud page sql injection
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-5148
CVE-2026-5148 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in the /admin-api/system/mail-log/page path, caused by manipulation of the toMail argument that leads to SQL injection. It can be triggered remotely; a public exploit is available. The vendor was contacted early but di...
yudao-cloud SQL injection vulnerability
Yudao-Cloud is a backend management system developed by YunaiV as an individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in files such as admin-api/system/mail-log/page, where the...
Vulnerability of the /admin/bookings/view_booking.php script of the SourceCodester AC Repair and Services system, allowing a hacker to execute arbitrary SQL code
The vulnerability in the “/admin/bookings/viewbooking.php” script of the SourceCodester AC Repair and Services system relates to the lack of protective measures for the SQL query structure when processing the parameter “tomail=&groupid=”. Exploiting this vulnerability allows an attacker to execut...
The vulnerability in the admin/sendmailto.php script of the ZZCMS CMS system allows a hacker to execute arbitrary SQL code.
The vulnerability in the admin/sendmailto.php script of the ZZCMS CMS system relates to the lack of protection for the SQL query structure when processing the parameter tomail=&groupid=. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
PT-2023-2942 · Sourcecodester · Sourcecodester Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue has been found in the system, affecting the /admin/bookings/view booking.php file. The manipulation of the id argument leads to SQL injection. This can be...