CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/12 10:24 p.m.•6 views

CVE-2026-1250 Court Reservation – Manage Your Court Bookings Online <= 1.10.11 - Unauthenticated SQL Injection

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

7.5CVSS5.9AI score0.00273EPSS

EUVD•added 2026/05/12 9:31 p.m.•9 views

EUVD-2026-29811

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

Cvelist•added 2026/05/12 7:11 p.m.•41 views

CVE-2026-44864 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

7.2CVSS0.00315EPSS

Vulnrichment•added 2026/05/12 7:11 p.m.•5 views

CVE-2026-44864 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

ATTACKERKB•added 2026/05/12 7:5 p.m.•5 views

CVE-2026-44860

Exploits0References2Affected Software1

CVE•added 2026/05/12 7:5 p.m.•12 views

CVE-2026-44860

CVE-2026-44860 describes SQL injection vulnerabilities in multiple service components exposed via the AOS-8 and AOS-10 CLI and management protocol. An authenticated attacker with administrative privileges can inject crafted input into parameters passed to backend queries, which could allow execut...

Exploits0References1Affected Software1

EUVD•added 2026/05/12 6:30 p.m.•8 views

EUVD-2026-29548

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiNDR 7.6.0 through 7.6.2, FortiNDR 7.4.0 through 7.4.9, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions may allow an authenticated attacker to execut...

5.4CVSS6AI score0.00264EPSS

CNNVD•added 2026/05/12 12:0 a.m.•5 views

WordPress plugin Eight Day Week Print Workflow SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.5CVSS5.9AI score0.00241EPSS

CNNVD•added 2026/05/12 12:0 a.m.•7 views

WordPress plugin Court Reservation – Manage Your Court Bookings Online SQL注入漏洞

7.5CVSS5.9AI score0.00273EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40011

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS5.8AI score0.00223EPSS

Snyk•added 2026/05/11 6:31 p.m.•7 views

SQL Injection

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to SQL Injection via the Import/Export query export. An attacker can execute arbitrary commands on the server or write arbitrary files by injecting crafted input into the psql \copy metacommand template...

8.8CVSS6.2AI score0.01444EPSS

GithubExploit•added 2026/05/10 1:52 p.m.•97 views

cybersec-hw2

cybersec-hw2 Homework 2 for Introduction to Computer Securi...

5.9AI score

Exploits0

ATTACKERKB•added 2026/05/09 2:41 a.m.•10 views

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

7CVSS5.9AI score0.00226EPSS

Snyk•added 2026/05/08 7:17 p.m.•9 views

SQL Injection

Overview @mikro-orm/knex is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via improper...

7.6CVSS6.1AI score0.00949EPSS

Exploits2References2

NVD•added 2026/05/08 4:16 a.m.•10 views

CVE-2026-8129

A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...

7.5CVSS0.00254EPSS

Exploits0References5

Cvelist•added 2026/05/08 3:38 a.m.•39 views

CVE-2026-42208 LiteLLM: SQL injection in Proxy API key verification

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

9.3CVSS0.93107EPSS

Exploits6References2

CNNVD•added 2026/05/08 12:0 a.m.•8 views

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a vulnerability related to SQL injection, which arises from improper handling of the parameter txtusername in the file/login.php...

7.5CVSS7.2AI score0.00254EPSS

NVD•added 2026/05/07 3:16 p.m.•26 views

CVE-2026-41422

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

8.3CVSS0.00345EPSS