8251 matches found

Nuclei
added yesterday, 26 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

CVSS 8.8, AI score 6, EPSS 0.01875
Exploits: 1, References: 2

NVD
added yesterday, 5 views

CVE-2026-56068

Unauthenticated SQL Injection in JetEngine = 3.8.10.2 versions...

CVSS 9.3
Exploits: 0, References: 1

NVD
added yesterday, 4 views

CVE-2026-56067

Unauthenticated SQL Injection in JetSmartFilters = 3.8.3 versions...

CVSS 9.3
Exploits: 0, References: 1

EUVD
added yesterday, 4 views

EUVD-2026-39671

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

CVSS 8.5, AI score 5.8
Exploits: 0, References: 1

Cvelist
added yesterday, 18 views

CVE-2026-57653 WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions...

CVSS 8.5
Exploits: 0, References: 1

EUVD
added yesterday, 4 views

EUVD-2026-39759

Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...

CVSS 8.5, AI score 5.8
Exploits: 0, References: 1

Cvelist
added yesterday, 18 views

CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

Contributor SQL Injection in WP Post Author <= 3.9.1 versions...

CVSS 8.5
Exploits: 0, References: 1

CVE
added yesterday, 7 views

CVE-2026-57631

CVE-2026-57631 affects the WordPress Popup box plugin (versions

CVSS 7.6, AI score 5.8
Exploits: 0, References: 1

EUVD
added yesterday, 5 views

EUVD-2026-39723

Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...

CVSS 9.3, AI score 5.8
Exploits: 0, References: 1

EUVD
added yesterday, 5 views

EUVD-2026-39716

Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...

CVSS 9.3, AI score 5.8
Exploits: 0, References: 1

Patchstack
added yesterday, 6 views

WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Groundhogg versions <= 4.5...

CVSS 8.5, AI score 5.8
Exploits: 0, Affected Software: 1

CVE
added yesterday, 10 views

CVE-2026-10835

The CVE-2026-10835 entry concerns the SALESmanago & Leadoo WordPress plugin, affected versions before 3.11.3. The vulnerability arises from improper sanitisation/escaping of a parameter in an AJAX action before it is used in a SQL statement, coupled with missing authorization enforcement for that...

CVSS 7.7, AI score 5.8, EPSS 0.00163
Exploits: 0, References: 1

EUVD
added 2 days ago, 4 views

EUVD-2026-39409

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVSS 4.6, AI score 5.9, EPSS 0.00158
Exploits: 0, References: 1

Cvelist
added 2 days ago, 31 views

CVE-2026-54836 WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

CVSS 9.3, EPSS 0.00229
Exploits: 0, References: 1

EUVD
added 2 days ago, 4 views

EUVD-2026-39373

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

CVSS 9.3, AI score 5.9, EPSS 0.00229
Exploits: 0, References: 1

EUVD
added 2 days ago, 4 views

EUVD-2026-39370

Unauthenticated SQL Injection in MDTF = 1.3.7 versions...

CVSS 9.3, AI score 5.9, EPSS 0.00229
Exploits: 0, References: 1

Cvelist
added 2 days ago, 29 views

CVE-2026-54822 WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions...

CVSS 8.5, EPSS 0.0027
Exploits: 0, References: 1

Patchstack
added 2 days ago, 4 views

WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.4 - Authenticated (Custom+) SQL Injection vulnerability

Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.4...

CVSS 6.5, AI score 6, EPSS 0.00281
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2 days ago, 4 views

EUVD-2026-39166

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5, AI score 6, EPSS 0.00273
Exploits: 0, References: 2

Cvelist
added 2 days ago, 31 views

CVE-2026-12079 Dokan Pro <= 5.0.4 - Authenticated (Subscriber+) SQL Injection via 'orderby' Parameter

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5, EPSS 0.00224
Exploits: 0, References: 2