CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4693 matches found

Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

9.8CVSS7.3AI score0.58743EPSS

Exploits0References5

Nuclei•added yesterday•43 views

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. id: CVE-2021-27320 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: high description: | Blind S...

7.5CVSS7.2AI score0.09299EPSS

Exploits3References3

ATTACKERKB•added 4 days ago•5 views

CVE-2017-20277

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

8.8CVSS6AI score

Exploits0References4Affected Software1

CVE•added 4 days ago•10 views

CVE-2017-20277

The CVE-2017-20277 entry concerns Joomla JoomRecipe 1.0.4. The connected Attackerkb entry confirms a bona fide vulnerability: a blind SQL injection in the search_author parameter on the search results page. Exploitation is described as sending POST requests to the search endpoint to perform boole...

8.8CVSS6AI score

Exploits0References4

CVE•added 5 days ago•15 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score

Exploits0References1

NVD•added 6 days ago•6 views

CVE-2026-54812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS0.00291EPSS

Exploits0References1

Cvelist•added 6 days ago•31 views

CVE-2026-54812 WordPress Motors plugin <= 1.4.109 - SQL Injection vulnerability

9.3CVSS0.00291EPSS

Exploits0References1

EUVD•added 6 days ago•7 views

EUVD-2026-37727

9.3CVSS5.6AI score0.00291EPSS

Exploits0References1

CVE•added 6 days ago•12 views

CVE-2026-54812

CVE-2026-54812 describes an SQL Injection in StylemixThemes Motors (WordPress plugin)

9.3CVSS5.6AI score0.00291EPSS

Exploits0References1

NVD•added 6 days ago•5 views

CVE-2026-54815

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

9.3CVSS0.00236EPSS

Exploits0References1

NVD•added 6 days ago•6 views

CVE-2026-54813

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

8.5CVSS0.00211EPSS

Exploits0References1

Cvelist•added 6 days ago•27 views

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

9.3CVSS0.00236EPSS

Exploits0References1

Cvelist•added 6 days ago•27 views

CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...

8.5CVSS0.00211EPSS

Exploits0References1

EUVD•added 6 days ago•8 views

EUVD-2026-37703

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

9.3CVSS5.6AI score0.00236EPSS

Exploits0References1

Positive Technologies•added 6 days ago•9 views

PT-2026-50416

Name of the Vulnerable Software and Affected Versions WP Travel Gutenberg Blocks versions prior to 3.9.4 Description Improper Neutralization of Special Elements used in an SQL Command allows Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

9.3CVSS5.7AI score0.00317EPSS

Exploits0References4

Cvelist•added 2026/06/16 9:23 p.m.•21 views

CVE-2026-49073 WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

8.5CVSS0.00278EPSS

Exploits0References1

CVE•added 2026/06/16 9:4 a.m.•20 views

CVE-2026-49772

CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...

9.3CVSS5.6AI score0.00236EPSS

Exploits1References1

EUVD•added 2026/06/16 9:4 a.m.•11 views

EUVD-2026-37057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS5.7AI score0.00236EPSS

Exploits1References1

Positive Technologies•added 2026/06/16 12:0 a.m.•7 views

PT-2026-50125

8.5CVSS5.6AI score0.00278EPSS

Exploits0References2

Positive Technologies•added 2026/06/15 12:0 a.m.•11 views

PT-2026-49206

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by