CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/05 3:37 a.m.•39 views

CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

7.5CVSS0.00278EPSS

EUVD•added 2026/05/05 3:31 a.m.•3 views

EUVD-2026-27188

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

ATTACKERKB•added 2026/05/05 2:26 a.m.•4 views

Exploits0References20

CVE-2026-5100

Vulnrichment•added 2026/05/05 2:26 a.m.•5 views

Exploits0References20

CVE-2026-5100 AWP Classifieds <= 4.4.5 - Unauthenticated SQL Injection via 'regions'

CVE•added 2026/05/05 2:26 a.m.•7 views

Exploits0References19

CVE-2026-5100

The CVE-2026-5100 entry concerns the WordPress AWP Classifieds plugin up to v4.4.5, vulnerable to SQL Injection via the regions parameter array keys due to insufficient escaping and lack of prepared statements. The issue allows unauthenticated attackers to append additional SQL to existing querie...

RedhatCVE•added 2026/05/05 2:20 a.m.•3 views

Exploits0References19

CVE-2026-7694

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

7.5CVSS6.8AI score0.00325EPSS

EUVD•added 2026/05/05 12:30 a.m.•7 views

EUVD-2026-27155

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS6.4AI score0.00241EPSS

Exploits0References5

ATTACKERKB•added 2026/05/05 12:0 a.m.•3 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

6AI score0.00367EPSS

Exploits1References3

CNNVD•added 2026/05/05 12:0 a.m.•6 views

SQLBot SQL注入漏洞

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot 1.7.0 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from the Text2SQL chat interface, where the user-provided question parameter was...

9.4CVSS6.1AI score0.00603EPSS

Exploits2References1

CNNVD•added 2026/05/05 12:0 a.m.•7 views

WordPress plugin Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00272EPSS

Exploits1References2

Positive Technologies•added 2026/05/05 12:0 a.m.•8 views

PT-2026-37237

Name of the Vulnerable Software and Affected Versions Masa CMS versions 7.2.0 through 7.2.9 Masa CMS versions 7.3.0 through 7.3.14 Masa CMS versions 7.4.0 through 7.4.9 Masa CMS versions 7.5.0 through 7.5.2 Description The unauthenticated JSON API accepts an altTable parameter that is stored via...

9.3CVSS6AI score0.00317EPSS

Exploits0References4

CNNVD•added 2026/05/05 12:0 a.m.•9 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Masa CMS has a SQL injection vulnerability, which stems from improper handling of the sortDirection parameter in the getQuery function of the beanFeed.cfc component. This vulnerability could allow unauthenticated remote...

9.3CVSS6AI score0.00425EPSS

CNNVD•added 2026/05/05 12:0 a.m.•7 views

Masa CMS SQL注入漏洞

Masa CMS is an enterprise content management platform based on open-source technology, developed by Masa CMS organization. Masa CMS versions 7.5.2 and earlier have a SQL injection vulnerability. This vulnerability stems from the improper handling of the sortBy parameter in the getQuery function o...

9.3CVSS6.2AI score0.00302EPSS

CNNVD•added 2026/05/05 12:0 a.m.•5 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...

9.3CVSS6AI score0.00317EPSS

CNNVD•added 2026/05/05 12:0 a.m.•4 views

WordPress plugin GeekyBot SQL注入漏洞

7.5CVSS5.9AI score0.00278EPSS

CNNVD•added 2026/05/05 12:0 a.m.•6 views

ProFTPD SQL注入漏洞

ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions prior to ProFTPD 1.3.9a contained a SQL injection vulnerability. This vulnerability stems from the sqltabFetchClientsCB function in contrib/modwrap2sql.c. When the option “UseReverseDNS on” is...

8.1CVSS6AI score0.00455EPSS

Positive Technologies•added 2026/05/05 12:0 a.m.•2 views

PT-2026-36953

Name of the Vulnerable Software and Affected Versions AWP Classifieds versions prior to 4.4.6 Description Insufficient escaping of user-supplied parameters and lack of proper preparation in SQL queries allow unauthenticated attackers to append additional SQL queries. This issue occurs via the...