345 matches found

ATTACKERKB
added yesterday, 3 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

CVSS 8.7 | AI score 6.2
Exploits: 0 | References: 5
Nuclei
added yesterday, 16 views

Mailcow < 2026-03b - Href Link Injection

mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...

CVSS 2.1 | AI score 5.8 | EPSS 0.00805
Exploits: 0 | References: 3
Patchstack
added 2 days ago, 4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability discovered by ? in WordPress Plugin Kirki versions <= 6.0.11...

CVSS 5.3 | AI score 5.8 | EPSS 0.00492
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2 days ago, 6 views

CVE-2026-34102

Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...

CVSS 9.8 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 2
CVE
added 2 days ago, 7 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00459
Exploits: 0 | References: 2
Nuclei
added last week, 19 views

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution (RCE). id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

CVSS 9.8 | AI score 7.9 | EPSS 0.82966
Exploits: 8 | References: 1
NVD
added last week, 6 views

CVE-2026-56062

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

CVSS 9.3 | EPSS 0.00236
Exploits: 0 | References: 1
NVD
added last week, 6 views

CVE-2026-56034

Unauthenticated SQL Injection in Library Management System = 3.5.7 versions...

CVSS 9.3 | EPSS 0.00291
Exploits: 0 | References: 1
NVD
added last week, 5 views

CVE-2026-54831

Unauthenticated SQL Injection in GeoDirectory = 2.8.162 versions...

CVSS 9.3 | EPSS 0.00283
Exploits: 0 | References: 1
NVD
added last week, 7 views

CVE-2026-54820

Unauthenticated SQL Injection in JetBooking = 4.0.4.1 versions...

CVSS 9.3 | EPSS 0.00283
Exploits: 0 | References: 1
EUVD
added last week, 5 views

EUVD-2026-39721

Unauthenticated SQL Injection in JetEngine = 3.8.10.2 versions...

CVSS 9.3 | AI score 5.8 | EPSS 0.00236
Exploits: 0 | References: 1
CVE
added last week, 12 views

CVE-2026-54827

CVE-2026-54827 : Unauthenticated SQL Injection affecting WordPress Real Estate 7 theme versions ≤ 3.5.9. The vulnerability arises in the Real Estate 7 component and is exploitable without authentication, with a CVSS v3.1 base score of 9.3 (CRITICAL), indicating potential data exposure and confide...

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1
EUVD
added last week, 4 views

EUVD-2026-39672

Unauthenticated SQL Injection in wpDataTables = 7.4 versions...

CVSS 9.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1
CVE
added 2026/06/25 1:12 p.m., 20 views

CVE-2026-54849

CVE-2026-54849 concerns WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.11, with unauthenticated SQL injection vulnerability. The connected records confirm the affected software (Premmerce Wishlist for WooCommerce), the vulnerable component (the plugin’s request handling le...

CVSS 9.3 | AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 1
Patchstack
added 2026/06/25 8:9 a.m., 6 views

WordPress Dokan Pro plugin <= 5.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by lb in WordPress Plugin Dokan Pro versions <= 5.0.4...

CVSS 7.5 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/06/24 10:16 p.m., 2 views

UBUNTU-CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

CVSS 9.8 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 4
EUVD
added 2026/06/19 5:25 p.m., 5 views

EUVD-2019-20191

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...

CVSS 8.8 | AI score 6.3 | EPSS 0.00366
Exploits: 0 | References: 4
EUVD
added 2026/06/19 4:21 p.m., 6 views

EUVD-2017-18998

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=comstreetguess&view=maps parameters a...

CVSS 8.8 | AI score 6.2 | EPSS 0.00237
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/19 12:0 a.m., 16 views

PT-2026-50988

Name of the Vulnerable Software and Affected Versions: Joomla! Component J-BusinessDirectory version 4.9.7. Description: An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00366
Exploits: 0 | References: 8
EUVD
added 2026/06/18 5:48 a.m., 9 views

EUVD-2026-37851

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

CVSS 9.8 | AI score 5.9 | EPSS 0.00366
Exploits: 0 | References: 2