Lucene search
K

370 matches found

CVE
CVE
added 2026/05/27 7:54 a.m.16 views

CVE-2026-40831

CVE-2026-40831 affects Easy View and describes an unauthenticated SQL injection due to improper neutralization of special elements in a SQL SELECT command. A low-privilege remote attacker can exploit this to achieve total confidentiality loss. The connected sources confirm the vulnerability langu...

7.1CVSS5.9AI score0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:53 a.m.14 views

CVE-2026-40828 Authenticated SQLi in DeleteSysLogEntry function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS6AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:53 a.m.14 views

EUVD-2026-32156

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

7CVSS6AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:52 a.m.33 views

CVE-2026-40826 Authenticated SQLi in dsgvo_contracts view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvocontracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

6.9CVSS0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:52 a.m.11 views

CVE-2026-40825

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 7:50 a.m.21 views

CVE-2026-40822

The connected records confirm CVE-2026-40822 describes an unauthenticated SQL Injection in the DevSerialReset function, caused by improper neutralization of special elements in a SQL SELECT command. This allows a high-privilege, remote attacker to access data and leads to total confidentiality lo...

6.9CVSS5.9AI score0.00281EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/16 9:29 a.m.191 views

Exploit for CVE-2026-6433

CVE-2026-6433 — Proof of Concept FlipperCode — Custom CSS,...

7.3CVSS6.2AI score0.00753EPSS
Exploits2
CVE
CVE
added 2026/05/13 6:52 p.m.19 views

CVE-2026-42031

CVE-2026-42031 : CKAN (data management system) contains an unauthenticated SQL injection in the DataStore API endpoint datastore_search_sql. The flaw allows an attacker to inject SQL to access private resources and PostgreSQL system information. Affected CKAN versions: prior to 2.10.10 and prior ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 6:52 p.m.8 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

8.3CVSS5.9AI score0.01815EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 10:3 a.m.22 views

WordPress AIWU plugin <= 1.4.21 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin AIWU versions = 1.4.21...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/11 9:35 a.m.11 views

WordPress SureTriggers plugin < 1.1.23 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by mcdruid in WordPress Plugin OttoKit versions 1.1.23...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/05 7:48 p.m.35 views

CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/05/05 1:27 p.m.23 views

CVE-2026-4304

The CVE-2026-4304 entry concerns the WeePie Cookie Allow plugin for WordPress. Affected component: the plugin, throughout all versions up to and including 3.4.11. Root cause: insufficient escaping of the user-supplied consent parameter and lack of proper preparation in the SQL query, enabling SQL...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 3:37 a.m.9 views

CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/24 4:50 a.m.50 views

CVE

Vulnerability Report: Unauthenticated SQL Injection in Hospita...

6.2AI score
Exploits0
Patchstack
Patchstack
added 2026/04/16 9:51 a.m.5 views

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability

Unauthenticated SQL Injection via 'options' Parameter Keys in productdata vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

7.5CVSS6AI score0.00489EPSS
Exploits0References1Affected Software1
Metasploit
Metasploit
added 2026/04/10 7:2 p.m.383 views

AVideo Unauthenticated SQL Injection Credential Dump

AVideo use auxiliary/gather/avideocatnamesqli msf auxiliaryavideocatnamesqli show actions ...actions... msf auxiliaryavideocatnamesqli set ACTION msf auxiliaryavideocatnamesqli show options ...show and set options... msf auxiliaryavideocatnamesqli run This module requires Metasploit:...

9.8CVSS6AI score0.0151EPSS
Exploits1
CVE
CVE
added 2026/04/02 8:59 a.m.10 views

CVE-2026-33615

The CVE-2026-33615 entry concerns MB connect line mbCONNECT24 with an unauthenticated SQL injection in the setinfo endpoint. The issue arises from improper neutralization in a SQL UPDATE command, enabling an attacker with network access (no auth, no user interaction) to compromise integrity and a...

9.1CVSS6.1AI score0.00415EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/04/02 8:59 a.m.25 views

CVE-2026-33614 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS0.00339EPSS
Exploits0References2
CVE
CVE
added 2026/03/24 11:27 a.m.16 views

CVE-2019-25643

CVE-2019-25643 affects eNdonesia Portal v8.7 and describes multiple SQL injection vulnerabilities in banners.php via the bid parameter. The flaws allow unauthenticated attackers to execute arbitrary SQL and exfiltrate information from INFORMATION_SCHEMA tables. The vulnerability is characterized ...

8.8CVSS6.2AI score0.00346EPSS
Exploits0References4
Rows per page
Query Builder