CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/23 12:0 a.m.•5 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the searched parameter in the search.php file. It may allow unauthenticated attackers to manipulat...

8.8CVSS5.9AI score0.0043EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42719

Name of the Vulnerable Software and Affected Versions WP ERP Pro versions prior to 1.5.2 Description The WP ERP Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to append additional SQL queries to existing ones. This is caused by insufficient escaping of the user-suppli...

7.5CVSS5.9AI score0.00273EPSS

Exploits0References6

ATTACKERKB•added 2026/05/20 2:27 a.m.•4 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS

NVD•added 2026/05/20 2:16 a.m.•11 views

CVE-2026-3985

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkoutuuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS0.00391EPSS

Vulnrichment•added 2026/05/20 1:25 a.m.•5 views

CVE-2026-7472 Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of escsql without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit and...

4.9CVSS6AI score0.00461EPSS

Exploits0References9

ATTACKERKB•added 2026/05/20 1:25 a.m.•8 views

CVE-2026-3985

7.5CVSS5.9AI score0.00391EPSS

Exploits0References5

EUVD•added 2026/05/20 1:25 a.m.•9 views

EUVD-2026-31018

7.5CVSS5.9AI score0.00391EPSS

Vulnrichment•added 2026/05/20 1:25 a.m.•9 views

CVE-2026-8685 Infility Global <= 2.15.16 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the...

6.5CVSS5.9AI score0.00369EPSS

Exploits0References5

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42102

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...

7.5CVSS5.9AI score0.00366EPSS

NVD•added 2026/05/17 1:16 p.m.•10 views

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...

8.8CVSS0.00267EPSS

ATTACKERKB•added 2026/05/17 12:11 p.m.•14 views

CVE-2018-25339

Exploits0References3Affected Software1

EUVD•added 2026/05/17 12:11 p.m.•8 views

EUVD-2018-21857

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

8.8CVSS6.1AI score0.00343EPSS

CNNVD•added 2026/05/17 12:0 a.m.•6 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from the v parameter being subject to SQL injecti...

Positive Technologies•added 2026/05/17 12:0 a.m.•9 views

Exploits0References1

PT-2026-41564

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

Positive Technologies•added 2026/05/17 12:0 a.m.•7 views

PT-2026-41565

NVD•added 2026/05/16 4:16 p.m.•9 views

CVE-2021-47954

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS0.00237EPSS

Exploits0References2

EUVD•added 2026/05/16 3:26 p.m.•7 views

EUVD-2021-34841

8.8CVSS5.9AI score0.00237EPSS

Exploits0References2

ATTACKERKB•added 2026/05/16 3:26 p.m.•5 views

CVE-2021-47954

8.8CVSS5.9AI score0.00237EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/16 3:25 p.m.•5 views

EUVD-2020-31242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

8.8CVSS6.2AI score0.00276EPSS