Lucene search
K

21 matches found

NVD
NVD
added 2026/06/30 7:16 a.m.9 views

CVE-2026-11590

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

8.6CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.8 views

EUVD-2026-40263

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.15 views

CVE-2026-11590

The WP Support Plus Responsive Ticket System WordPress plugin (≤ 9.1.2) is vulnerable because it does not sanitize user-supplied array keys before using them in a SQL statement, enabling unauthenticated SQL injection via filter[elements] array keys. Impact is unauthenticated access to manipulate ...

8.6CVSS5.8AI score0.00262EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ceph

An authentication flaw was discovered in Ceph versions prior to 14.2.20. When the monitor processes CEPHXGETAUTHSESSIONKEY requests, it does not sanitize otherkeys, allowing for key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid that has...

7.2CVSS6.5AI score0.0211EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 12:0 a.m.9 views

EUVD-2026-30946

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

6.1AI score0.00365EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 5:20 p.m.18 views

CVE-2026-39317

...

0.0003EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/07 5:20 p.m.2 views

CVE-2026-39317

...

5.9AI score0.0003EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3368

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS6AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 12:31 a.m.5 views

EUVD-2026-13918

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitizeigdata function which only sanitizes array values but not array keys,...

7.2CVSS6AI score0.00321EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26718

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and including 1.2.9. This is due to insufficient input sanitization in the sanitize ig data function which only sanitizes array values but not array keys...

7.2CVSS6AI score0.00321EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/03/19 11:14 p.m.18 views

CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...

8.2CVSS0.00419EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/18 12:59 p.m.7 views

SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.

Summary Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...

8.2CVSS6AI score0.00419EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/02/27 3:34 p.m.7 views

EUVD-2026-9026

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

8.3CVSS6AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 2:16 p.m.9 views

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

9.8CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/27 1:33 p.m.6 views

CVE-2026-2751 Blind SQL Injection

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

8.3CVSS6AI score0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 1:33 p.m.7 views

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

9.8CVSS6AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 1:33 p.m.40 views

CVE-2026-2751

CVE-2026-2751 affects Centreon Web on Central Server (Linux) in the Service Dependencies module. The root cause is a Blind SQL Injection due to unsanitized array keys during deletion of Service Dependencies. Affected versions are Centreon Web before 25.10.8, 24.10.20, and 24.04.24. The vulnerabil...

9.8CVSS6AI score0.00271EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20632

The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pma api key and pma sender address parameters. This makes it...

4.4CVSS5.7AI score0.00244EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/04 9:54 p.m.25 views

CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

8.8CVSS0.00444EPSS
Exploits1References3
Snyk
Snyk
added 2025/09/01 5:41 p.m.2 views

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection via the contenthandler.startElement call with missing sanitization. An attacker can manipulate input data by crafting dictionary keys that inject arbitrary XML elements or break the structure of the generated XML document...

6.9CVSS7.3AI score0.00417EPSS
Exploits0References2
Rows per page
Query Builder