Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216214 matches found

Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.8 views

PT-2026-41590

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.8 views

PT-2026-41556

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References5
NVD
NVDadded 2026/05/16 4:16 p.m.9 views

CVE-2021-47954

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS0.00237EPSS
Exploits0References2
NVD
NVDadded 2026/05/16 4:16 p.m.6 views

CVE-2021-47956

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

8.8CVSS0.00276EPSS
Exploits0References4
NVD
NVDadded 2026/05/16 4:16 p.m.19 views

CVE-2020-37243

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

8.8CVSS0.00276EPSS
Exploits0References4
NVD
NVDadded 2026/05/16 4:16 p.m.8 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8CVSS0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/16 3:26 p.m.8 views

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

7.1CVSS5.9AI score0.00226EPSS
Exploits0References4
CVE
CVEadded 2026/05/16 3:26 p.m.7 views

CVE-2021-47956

The connected documents identify CVE-2021-47956 as affecting EgavilanMedia PHPCRUD 1.0 and describe a SQL injection vulnerability allowing unauthenticated attackers to manipulate database queries via the firstname parameter. Exploitation details include sending crafted POST requests to insert.php...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/16 3:26 p.m.34 views

CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

8.8CVSS0.00276EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/16 3:26 p.m.5 views

EUVD-2021-34824

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/16 3:26 p.m.7 views

CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/16 3:26 p.m.27 views

CVE-2021-47954 LayerBB 1.1.4 SQL Injection via search_query Parameter

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS0.00237EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/16 3:26 p.m.7 views

EUVD-2021-34841

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References2
CVE
CVEadded 2026/05/16 3:25 p.m.10 views

CVE-2020-37244

Supsystic Membership 1.4.7 (WordPress plugin) contains an SQL injection vulnerability in the badges module, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting payloads through the 'search' and 'sidx' parameters. Attacks can use time-based blind or UNION-based SQL inj...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/16 3:25 p.m.34 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/16 3:25 p.m.37 views

CVE-2020-37242 WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8CVSS0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/16 3:25 p.m.5 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8CVSS6.2AI score0.00276EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/16 3:25 p.m.6 views

CVE-2020-37242 WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8CVSS6.2AI score0.00276EPSS
Exploits0References4
Veracode
Veracodeadded 2026/05/16 9:40 a.m.7 views

SQL Injection

XWiki Full Calendar Macro is vulnerable to SQL Injection. The vulnerability is due to a SQL injection vulnerability by accessing database info or starting a DoS attack, where users with the right to view the Calendar.JSONService page including guest users can exploit this issue and access databas...

10CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploitadded 2026/05/16 9:29 a.m.157 views

Exploit for CVE-2026-6433

CVE-2026-6433 — Proof of Concept FlipperCode — Custom CSS,...

7.3CVSS6.2AI score0.00753EPSS
Exploits1
Rows per page
Query Builder