25513 matches found
sql-bypass
No d...
EUVD-2026-20223
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...
EUVD-2026-20162
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...
EUVD-2026-20156
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...
CVE-2026-35406
A flaw was found in aardvark-dns where a specially crafted TCP DNS query followed by a connection reset can trigger an infinite error loop, leading to 100% CPU usage and a denial of service. As aardvark-dns is only accessible via internal Podman networks, this issue can be exploited by a local...
CVE-2026-39575
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...
CVE-2026-33088
Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement...
CVE-2026-39575 WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...
CVE-2026-39575 WordPress Custom Query Blocks plugin <= 5.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...
CVE-2026-39575
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...
CVE-2026-39575
CVE-2026-39575 affects the WordPress plugin “Custom Query Blocks” (Ronald Huereca) for the post-type-archive-mapping feature, with DOM-based XSS caused by improper neutralization of input during web page generation. Affected versions are
CVE-2026-39496 WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...
CVE-2026-39495 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...
CVE-2026-39486
The CVE-2026-39486 entry concerns the WordPress Download Monitor plugin (Download Monitor) with versions <= 5.1.8, where improper neutralization of SQL commands leads to Blind SQL Injection. The Red Hat, NVD, EUVD, CVE List, and vuln enrichment records confirm a vulnerability in this plugin; n...
CVE-2026-39479 WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through = 1.1.20...
CVE-2026-39479
The CVE-2026-39479 entry documents a vulnerability in the WordPress OttoKit SureTriggers plugin (OttoKit) affecting versions up to 1.1.20. The issue is Improper Neutralization of Special Elements used in an SQL Command, i.e., a Blind SQL Injection condition. Reported across multiple sources (NVD,...
CVE-2026-39475
CVE-2026-39475 describes a SQL Injection vulnerability in the WordPress plugin WordPress User Feedback plugin (assumed: “userfeedback-lite” by Syed Balkhi) affecting versions up to and including 1.10.1. The issue is a not-neutralized input scenario allowing Blind SQL Injection. Public sources in ...
CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...
CVE-2026-3781 Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter
The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgroff' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
PT-2026-31162
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through = 5.5.0...