CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 hours ago•8 views

CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

6.5CVSS

Exploits0References12

ATTACKERKB•added 4 hours ago•3 views

CVE-2026-9829

6.5CVSS5.8AI score

Cvelist•added 6 hours ago•6 views

CVE-2026-8978 OptinCraft <= 1.2.0 - Authenticated (Administrator+) SQL Injection via 'order_by' Parameter

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS

Exploits0References5

ATTACKERKB•added 6 hours ago•7 views

CVE-2026-8978

4.9CVSS5.8AI score

Exploits0References6

CVE•added 6 hours ago•6 views

CVE-2026-8978

The CVE covers OptinCraft

4.9CVSS5.7AI score

Exploits0References5

RedhatCVE•added 8 hours ago•6 views

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00028EPSS

RedhatCVE•added 8 hours ago•5 views

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

6.5CVSS6.5AI score0.00028EPSS

Positive Technologies•added 9 hours ago•3 views

PT-2026-47135

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order by' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.8AI score

Exploits0References5

Positive Technologies•added 9 hours ago•7 views

PT-2026-47144

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact album order by' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficien...

6.5CVSS5.8AI score

ATTACKERKB•added yesterday•4 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

4.9CVSS5.7AI score

6.8CVSS5.7AI score0.00015EPSS

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

CVE-2026-7266

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function saveorder of the file /admin/ajax.php?action=saveorder. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public an...

RedhatCVE•added yesterday•4 views

CVE-2026-7114

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...

6.5CVSS6.4AI score0.00012EPSS

CVE-2026-7743

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

RedhatCVE•added yesterday•4 views

CVE-2026-7293

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

5.8CVSS5.5AI score0.00039EPSS

6.5CVSS6.4AI score0.00036EPSS

CVE-2026-7118

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...

CVE-2026-7716

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

5.8CVSS5.5AI score0.00039EPSS

CVE-2026-7282

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-7741

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...