CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin Easy Form Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.9AI score0.00236EPSS

8.7CVSS5.9AI score0.00248EPSS

Pi.Alert SQL注入漏洞

Pi.Alert is a WIFI/LAN intrusion detector developed by the individual developer jokob-sk. Versions of Pi.Alert prior to version 2026-05-07 contained an SQL injection vulnerability. This vulnerability stemmed from improper handling of the action and scansource parameters in requests sent to...

CNNVD•added 2026/05/27 12:0 a.m.•8 views

uzy-ssm-mall 安全漏洞

uzy-ssm-mall Yuzu Cloud E-commerce Mall is an SSM framework developed by the developer ghostxbh. It is used to create e-commerce stores, bookstore stores, and customer management systems. Version 1.1.0 of uzy-ssm-mall contains security vulnerabilities. These vulnerabilities stem from SQL injectio...

5.3CVSS5.9AI score0.00288EPSS

CNNVD•added 2026/05/27 12:0 a.m.•8 views

itsourcecode Courier Management System SQL注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file/manageuser.php,...

7.5CVSS7.2AI score0.00254EPSS

8.5CVSS5.9AI score0.0026EPSS

WordPress plugin MasterStudy LMS SQL注入漏洞

7CVSS5.9AI score0.00239EPSS

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

8.7CVSS5.9AI score0.0032EPSS

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

CNNVD•added 2026/05/27 12:0 a.m.•7 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

7.1CVSS5.9AI score0.00274EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43556

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24confi getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•11 views

PT-2026-44049

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

5.9AI score0.00288EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43599

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS

ATTACKERKB•added 2026/05/26 11:30 p.m.•4 views

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

Exploits0References5Affected Software1

EUVD•added 2026/05/26 11:30 p.m.•7 views

EUVD-2026-32024

Vulnrichment•added 2026/05/26 11:30 p.m.•10 views

CVE-2026-9606 itsourcecode Courier Management System manage_user.php sql injection

CVE•added 2026/05/26 11:30 p.m.•10 views

CVE-2026-9606

The vulnerability CVE-2026-9606 affects itsourcecode Courier Management System 1.0, specifically the /manage_user.php component. The root cause is manipulation of the ID parameter that leads to a SQL injection, with remote exploitation confirmed and a public exploit disclosed. The CVSS-based data...

NVD•added 2026/05/26 10:16 p.m.•13 views

CVE-2026-9584

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

7.5CVSS0.00254EPSS

CVE•added 2026/05/26 9:15 p.m.•18 views

CVE-2026-9584

Code-projects Project Management System 1.0 is affected by a vulnerability in the Login chk.php component that allows remote SQL injection via an unspecified function. Exploitation is possible remotely and the exploit has been publicly disclosed, with exploit maturity listed as Proof-of-Concept. ...

Vulnrichment•added 2026/05/26 9:15 p.m.•9 views

CVE-2026-9584 code-projects Project Management System Login chk.php sql injection

NVD•added 2026/05/26 8:16 p.m.•10 views

CVE-2026-9573

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS0.00259EPSS