Search Results (37499 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1553 1 Fullrevolution 1 Aspwebalbum 2026-04-16 N/A
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
CVE-2003-1458 1 Ttcms 2 Ttcms, Ttforum 2026-04-16 N/A
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
CVE-2006-2058 1 Avantbrowser 1 Avant Browser 2026-04-16 N/A
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
CVE-2006-1751 1 Michiel Van Baak 1 Mvblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4073 1 Cfmagic 1 Magic List Pro 2026-04-16 N/A
SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter.
CVE-2006-0750 1 Supersmashbrothers 1 Army System 2026-04-16 N/A
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
CVE-2004-0366 1 Pam-pgsql 1 Pam-pgsql 2026-04-16 N/A
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
CVE-2006-2157 1 Plogger 1 Plogger 2026-04-16 N/A
SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246.
CVE-2005-3744 1 Phpcomasy 1 Phpcomasy 2026-04-16 N/A
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
CVE-2026-25418 2 Bitpressadmin, Wordpress 2 Bit Form, Wordpress 2026-04-16 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-25419 2 Flycart, Wordpress 2 Upsellwp, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5.
CVE-2026-25420 2 Mailerlite, Wordpress 2 Mailerlite, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.
CVE-2026-25423 2 Creativeinteractivemedia, Wordpress 2 Real3d Flipbook, Wordpress 2026-04-16 3.8 Low
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1.
CVE-2026-25459 2 Uixthemes, Wordpress 2 Sober, Wordpress 2026-04-16 4.3 Medium
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.
CVE-2026-27042 2 Wordpress, Wpdeveloper 2 Wordpress, Notificationx 2026-04-16 5.3 Medium
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
CVE-2026-27092 2 Greg Winiarski, Wordpress 2 Wpadverts, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3.0.
CVE-2026-27328 2 Devsblink, Wordpress 2 Edublink, Wordpress 2026-04-16 5.3 Medium
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.
CVE-2026-24946 2 Tychesoftwares, Wordpress 2 Print Invoice & Delivery Notes For Woocommerce, Wordpress 2026-04-16 6.5 Medium
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
CVE-2026-24959 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-04-16 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
CVE-2026-39837 2 Mediawiki, Wikimedia 2 Cargo, Mediawiki-cargo Extension 2026-04-15 5.4 Medium
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.