Lucene search
K

26 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-13262

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS0.00352EPSS
Exploits0References10
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43122

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS6.1AI score0.00352EPSS
Exploits0References10
CVE
CVE
added 3 days ago12 views

CVE-2026-13262

CVE-2026-13262 affects the Majestic Support WordPress plugin (up to version 1.1.9). The issue is a generic SQL injection in the val parameter caused by insufficient escaping and lack of proper query preparation, allowing an attacker to append additional SQL to existing queries and potentially ext...

6.5CVSS6.1AI score0.00352EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-13262 Majestic Support <= 1.1.9 - Authenticated (Subscriber+) SQL Injection via 'val' Parameter

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS0.00352EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/03 4:30 a.m.8 views

EUVD-2026-41487

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
CVE
CVE
added 2026/07/03 4:30 a.m.23 views

CVE-2026-13040

The CVE covers the NEX-Forms – Ultimate Forms Plugin for WordPress (up to version 9.2.2). It exposes a Stored Cross-Site Scripting (XSS) flaw via the real_val__ parameter due to insufficient input sanitization and output escaping. The vulnerability is exploitable because the wp_ajax_nopriv_submit...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
EUVD
EUVD
added 2026/02/27 6:31 p.m.6 views

EUVD-2019-19719

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References4
OSV
OSV
added 2026/02/27 6:16 p.m.4 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

7.5CVSS5.9AI score0.00315EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.25 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS0.00315EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25493

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/27 5:23 p.m.5 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

Doditsolutions Homey BNB SQL注入漏洞

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the val parameter being susceptible to SQL injections, which may allow unverified attackers to...

8.8CVSS5.8AI score0.00315EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22361

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS6AI score0.00315EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-2165

Malware in sbrugna...

7.5CVSS7.6AI score0.01536EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.4 views

CVE-2025-51281

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qjasp function. This vulnerability allows authenticated attackers to cause a Denial of Service DoS by sending crafted GET requests with overly long values for these parameters...

7CVSS6.9AI score0.00417EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.2 views

CVE-2025-51281

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qjasp function. This vulnerability allows authenticated attackers to cause a Denial of Service DoS by sending crafted GET requests with overly long values for these parameters...

6.8AI score0.00417EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.7 views

Unicom Focal Point 安全漏洞

Unicom Focal Point is a portfolio management and decision analysis tool from Unicom, Inc. for use by corporate and government agency product organizations. A security vulnerability exists in Unicom Focal Point version 7.6.1 that stems from stored cross-site scripting in the val parameter and...

6.1CVSS6AI score0.00202EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/19 12:0 a.m.13 views

CVE-2024-39962

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution RCE vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...

8.2AI score0.02057EPSS
Exploits1References1
CNVD
CNVD
added 2018/07/19 12:0 a.m.6 views

joyplus-cms SQL Injection Vulnerability

joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A SQL injection vulnerability exists in joyplus-c...

9.8CVSS9.7AI score0.01452EPSS
Exploits1References1
OSV
OSV
added 2018/07/18 7:29 p.m.6 views

CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...

9.8CVSS5.8AI score0.01452EPSS
Exploits1References1
Rows per page
Query Builder