|
2721
|
2.4 |
LOW
Network
|
-
|
-
|
Se determinó una vulnerabilidad en code-projects Exam Form Submission 1.0. Esta vulnerabilidad afecta código desconocido del archivo /admin/update_s6.php. La ejecución de una manipulación del argumen…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-4595
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2722
|
7.3 |
HIGH
Network
|
-
|
-
|
Una vulnerabilidad ha sido encontrada en erupts erupt hasta la versión 1.13.3. Afectada por este problema es la función geneEruptHqlOrderBy del archivo erupt-data/erupt-jpa/src/main/java/xyz/erupt/jp…
|
CWE-89
CWE-564
SQL Injection
SQL Injection: Hibernate
|
CVE-2026-4594
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2723
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyPr…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4597
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2724
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Una falla de seguridad ha sido descubierta en 648540858 wvp-GB28181-pro hasta 2.7.4. Afectada es la función selectAll del archivo src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamPr…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4597
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2725
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter H…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4612
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2726
|
7.3 |
HIGH
Network
|
-
|
-
|
Se ha encontrado una vulnerabilidad en itsourcecode Free Hotel Reservation System 1.0. Esto afecta una parte desconocida del archivo /hotel/admin/mod_users/index.php?view=edit&id=8 del componente…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4612
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2727
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sani…
|
CWE-89
SQL Injection
|
CVE-2026-2412
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2728
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied paramete…
|
CWE-89
SQL Injection
|
CVE-2026-4306
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2729
|
7.5 |
HIGH
Network
|
-
|
-
|
El plugin WP Job Portal para WordPress es vulnerable a una inyección SQL a través del parámetro 'radius' en todas las versiones hasta la 2.4.8, incluida esta, debido a un escape insuficiente del pará…
|
CWE-89
SQL Injection
|
CVE-2026-4306
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2730
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. T…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-4613
|
2026-04-25 01:32 |
2026-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
