
216519 matches found

Cvelist
added 2026/04/02 8:59 a.m., 26 views

CVE-2026-33615 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability...

CVSS 9.1, EPSS 0.00415
Exploits: 0, References: 2
CVE
added 2026/04/02 8:59 a.m., 9 views

CVE-2026-33614

CVE-2026-33614 concerns MB connect line mbCONNECT24, where an unauthenticated SQL injection is possible in the getinfo endpoint. The vulnerability arises from improper neutralization of special elements in a SQL SELECT command, leading to potential total loss of confidentiality (CVSS v3.1 base sc...

CVSS 7.5, AI score 6.1, EPSS 0.00339
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2026/04/02 8:59 a.m., 25 views

CVE-2026-33614 MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.5, EPSS 0.00339
Exploits: 0, References: 2
EUVD
added 2026/04/02 6:31 a.m., 7 views

EUVD-2026-18126

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 5
NVD
added 2026/04/02 6:16 a.m., 4 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5, EPSS 0.00259
Exploits: 0, References: 4
Cvelist
added 2026/04/02 5:30 a.m., 33 views

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5, EPSS 0.00259
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/02 5:30 a.m., 2 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 4
Vulnrichment
added 2026/04/02 5:30 a.m., 2 views

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 4
CVE
added 2026/04/02 5:30 a.m., 14 views

CVE-2026-5322

Technical details about CVE-2026-5322 are not publicly provided in the supplied documents. No affected versions, root cause, or remediation is disclosed here. Monitor for updates and corroborating advisories.

CVSS 7.5, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 4
RedhatCVE
added 2026/04/02 5:4 a.m., 6 views

CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

CVSS 7.3, AI score 6, EPSS 0.00187
Exploits: 0, References: 1
RedhatCVE
added 2026/04/02 5:4 a.m., 4 views

CVE-2026-5237

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

CVSS 7.5, AI score 6.8, EPSS 0.00259
Exploits: 0, References: 1
RedhatCVE
added 2026/04/02 5:4 a.m., 3 views

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVSS 7.5, AI score 6.8, EPSS 0.00259
Exploits: 0, References: 1
RedhatCVE
added 2026/04/02 5:4 a.m., 4 views

CVE-2026-4668

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

CVSS 6.5, AI score 6, EPSS 0.0036
Exploits: 0, References: 1
Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29745

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

CVSS 7.5, AI score 6.8, EPSS 0.00371
Exploits: 1, References: 6
CNNVD
added 2026/04/02 12:0 a.m., 6 views

ModulithShop SQL injection vulnerability

ModulithShop is an online shopping system developed by Shopsuite’s individual developers. ModulithShop has a SQL injection vulnerability. This vulnerability stems from improper handling of parameters sidx/sort in the function listItem in the file...

CVSS 6.5, AI score 6.6, EPSS 0.00204
Exploits: 0, References: 7
Positive Technologies
added 2026/04/02 12:0 a.m., 4 views

PT-2026-29726

A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/pt/service/impl/ProductIndexServiceImpl.java of the component ProductItemDao Interface. Executing...

CVSS 6.5, AI score 5.7, EPSS 0.00204
Exploits: 0, References: 8
CNNVD
added 2026/04/02 12:0 a.m., 7 views

MB Connect Line mbCONNECT24 SQL injection vulnerability

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports functions such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling...

CVSS 7.5, AI score 5.9, EPSS 0.00339
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/02 12:0 a.m., 3 views

Zabbix 6.0.x < 6.0.34 / 6.4.x < 6.4.19 / 7.0.x < 7.0.4 SQLi (ZBX-26986)

The version of Zabbix Server installed on the remote host is prior to 6.0.34, 6.4.19, 7.0.4. It is, therefore, affected by a SQL injection vulnerability: A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...

CVSS 7.5, AI score 7.3, EPSS 0.01188
Exploits: 0, References: 2
CNNVD
added 2026/04/02 12:0 a.m., 8 views

OpenSTAManager SQL injection vulnerability

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to 2.10.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple AJAX handlers not properly cleaning or validating the option...

CVSS 8.8, AI score 5.9, EPSS 0.0046
Exploits: 1, References: 4
Positive Technologies
added 2026/04/02 12:0 a.m., 6 views

PT-2026-29711

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.5, AI score 6.1, EPSS 0.00339
Exploits: 0, References: 3