CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•21 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

7.5CVSS0.00064EPSS

ATTACKERKB•added 2 days ago•3 views

CVE-2026-5073

CVE•added 2 days ago•10 views

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the order parameter of the arm_directory_paging_action AJAX action in all versions up to and including 7.3.1. Root cause: insufficient escaping on user-supplied order and orderby parameters and inadequate preparation of ...

EUVD•added 2 days ago•5 views

EUVD-2026-34005

Vulnrichment•added 2 days ago•5 views

CVE-2026-5073 ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection via 'order' Parameter

Positive Technologies•added 2 days ago•4 views

PT-2026-45844

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm directory paging action' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack ...

NVD•added 6 days ago•7 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS0.00024EPSS

ATTACKERKB•added 6 days ago•3 views

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.5CVSS5.8AI score0.00058EPSS

Exploits0References2Affected Software1

NVD•added 6 days ago•8 views

CVE-2026-10039

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS0.00027EPSS

EUVD•added 6 days ago•6 views

EUVD-2026-33259

Vulnrichment•added 6 days ago•3 views

CVE-2026-10039 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter

Cvelist•added 6 days ago•27 views

CVE-2026-10039 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter

4.9CVSS0.00027EPSS

ATTACKERKB•added 6 days ago•3 views

CVE-2026-10039

CVE•added 6 days ago•12 views

Exploits0References7

CVE-2026-10039

The CVE-2026-10039 entry concerns the WordPress plugin Frontend Admin by DynamiApps. Affected versions up to and including 3.28.28 are vulnerable to a generic SQL Injection via the 'order' parameter due to insufficient escaping of user input and inadequate preparation of the existing SQL query. A...

Positive Technologies•added 6 days ago•4 views

PT-2026-44760

CVE•added 6 days ago•6 views

Exploits0References7

CVE-2026-39229

Bolt CMS up to version 3.7.0 is affected by an SQL Injection in the order parameter of content listing pages, exploitable by an authenticated attacker with low privileges via the OrderDirective component. This can lead to extraction of sensitive information. The CVSS 3.1 base score is 6.5 (Medium...

6.5CVSS5.9AI score0.00024EPSS

EUVD•added 6 days ago•3 views

EUVD-2026-33350

6.5CVSS5.9AI score0.00024EPSS

Vulnrichment•added 6 days ago•4 views

CVE-2026-39229

5.9AI score0.00024EPSS