Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
CVE-2026-46364
CRITICAL CVSS 9.3
Find Similar
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent he
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` com
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.ca
CVE-2026-44381
CRITICAL CVSS 9.3
Find Similar
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow a
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special eleme
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the br
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns i
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT comman
A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/m
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usin
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the e
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attacker
A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end genera
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads li
CVE-2018-25128
CRITICAL CVSS 9.3
Find Similar
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authenti
CVE-2025-9943
CRITICAL CVSS 9.1
Find Similar
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as stor
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository usin
# Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. # Details Unauthorized users can access `/hazelcast/rest/maps/submit-job`
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers c
← Previous Page 5