Lucene search
+L

72 matches found

cve
cve
added yesterday11 views

CVE-2026-12512

CVE-2026-12512 affects the Quotes Llama WordPress plugin prior to 3.1.6. The root cause is improper sanitization/escaping of a user-supplied parameter before it is used in a SQL query, enabling unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the databas...

8.6CVSS6.2AI score0.00194EPSS
Exploits0References1
cvelist
cvelist
added yesterday23 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

0.00194EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 2:52 p.m.8 views

EUVD-2026-39699

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 = 5.5.6 versions...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
cve
cve
added 2026/06/26 2:52 p.m.10 views

CVE-2026-56036

The CVE-2026-56036 entry describes an unauthenticated SQL injection affecting the WordPress plugin 결제 심플페이 (SimplePay) for versions &lt;= 5.5.6. CVSSv3.1: 9.3 (CRITICAL), vectors: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L. Impact is confidentiality high; integrity none; availability low. Affected softw...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
euvd
euvd
added 2026/06/18 10:21 a.m.18 views

EUVD-2026-37872

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
euvd
euvd
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37621

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 1:20 p.m.15 views

CVE-2026-22340

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS0.00372EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36951

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
euvd
euvd
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36944

Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS0.00283EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.16 views

PT-2026-49384

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS5.7AI score0.00363EPSS
Exploits1References2
packetstorm
packetstorm
added 2026/06/08 12:0 a.m.118 views

📄 ProjeQtor 12.4.3 SQL Injection

This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...

9.8CVSS5.6AI score0.00558EPSS
Exploits2
redhatcve
redhatcve
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40828

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS5.8AI score0.00295EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 9:16 a.m.24 views

CVE-2026-40846

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 9:16 a.m.33 views

CVE-2026-40843

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/27 7:58 a.m.12 views

CVE-2026-40846 Authenticated SQLi in system view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 7:58 a.m.34 views

CVE-2026-40845 Authenticated SQLi in devices_configuration view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
cve
cve
added 2026/05/27 7:53 a.m.21 views

CVE-2026-40829

CVE-2026-40829 describes an unauthenticated SQL Injection in the view.html.php UpdateParam function, exploitable by a high-privilege remote attacker. It can read the entire database and alter values in a non-critical table, leading to total confidentiality loss and some integrity loss. The connec...

7CVSS6AI score0.00295EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 7:48 a.m.32 views

CVE-2026-40818 Unauthenticated SQLi in _mb24confi_getDevice function function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24configetDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 7:38 a.m.34 views

CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
Rows per page
Query Builder