CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/19 12:0 a.m.•5 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

6.1AI score0.00365EPSS

CNNVD•added 2026/05/19 12:0 a.m.•5 views

TYPO3 Extension Address List SQL注入漏洞

TYPO3 Extension Address List is an open-source extension for TYPO3, designed for address book and contact management purposes. TYPO3 Extension Address List has a SQL injection vulnerability; this vulnerability stems from the getSqlQuery method not properly cleaning user input, which may lead to S...

8.2CVSS5.8AI score0.00327EPSS

CNNVD•added 2026/05/19 12:0 a.m.•7 views

WordPress plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00391EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41866

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS

Exploits0References2

Cvelist•added 2026/05/19 12:0 a.m.•37 views

CVE-2026-31069

0.00365EPSS

EUVD•added 2026/05/19 12:0 a.m.•6 views

EUVD-2026-30946

6.1AI score0.00365EPSS

ATTACKERKB•added 2026/05/19 12:0 a.m.•6 views

CVE-2026-31069

6.1AI score0.00365EPSS

Exploits0References4

CNNVD•added 2026/05/19 12:0 a.m.•7 views

billabear 安全漏洞

Billabear is an open-source self-hosted subscription management and billing system developed by Billabear. There is a security vulnerability in Billabear, which stems from the fact that the names of user-controlled metric filters and aggregation properties in the EventRepository are directly...

8.8CVSS6.1AI score0.00365EPSS

Exploits0References2

CVE•added 2026/05/19 12:0 a.m.•10 views

CVE-2026-31069

The CVE-2026-31069 entry concerns BillaBear (versions before Jan 2026) with a SQL Injection in the EventRepository. The root cause is unsafely interpolating user-controlled identifiers (filter names and aggregation property keys) into SQL via sprintf(), while values are parameterized. An authenti...

8.8CVSS6.1AI score0.00365EPSS

CNNVD•added 2026/05/19 12:0 a.m.•8 views

TYPO3 Extension News system SQL注入漏洞

TYPO3 Extension News system is an open-source extension for TYPO3 that allows for the publishing of news and content. The TYPO3 Extension News system has a SQL injection vulnerability, which stems from insufficient user input cleaning. This vulnerability could allow unauthenticated attackers to...

8.2CVSS6AI score0.00386EPSS

Tenable Nessus•added 2026/05/19 12:0 a.m.•6 views

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1957-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1957-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

9.8CVSS6.5AI score0.00505EPSS

Exploits1References25

Tenable Nessus•added 2026/05/19 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...

Tenable Nessus•added 2026/05/19 12:0 a.m.•10 views

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1958-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1958-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

9.8CVSS6.5AI score0.00505EPSS

Exploits1References25

OSV•added 2026/05/18 9:16 p.m.•2 views

DEBIAN-CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

NVD•added 2026/05/18 9:16 p.m.•8 views

CVE-2026-8851

8.6CVSS0.00306EPSS

OSV•added 2026/05/18 9:16 p.m.•1 views

UBUNTU-CVE-2026-8851

EUVD•added 2026/05/18 8:10 p.m.•8 views

Exploits0References6

EUVD-2026-30804

SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...

ATTACKERKB•added 2026/05/18 8:10 p.m.•4 views

CVE-2026-8851

Vulnrichment•added 2026/05/18 8:10 p.m.•5 views

Exploits0References4

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint