CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216082 matches found

EUVD-2026-37037

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS5.9AI score0.00253EPSS

Exploits0References2

Positive Technologies•added yesterday•8 views

PT-2026-49619

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro get overall chart data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to json...

8.8CVSS5.9AI score0.00253EPSS

Exploits0References3

GithubExploit•added 2 days ago•39 views

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

6.1AI score

Exploits0

EUVD•added 2 days ago•4 views

EUVD-2026-36980

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

EUVD•added 2 days ago•7 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS

Exploits0References2

EUVD•added 2 days ago•4 views

EUVD-2026-36947

Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

EUVD•added 2 days ago•5 views

EUVD-2026-36975

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS5.7AI score0.00251EPSS

Exploits0References2

EUVD•added 2 days ago•5 views

EUVD-2026-36943

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

9.3CVSS5.7AI score0.00363EPSS

Exploits0References2

EUVD•added 2 days ago•5 views

EUVD-2026-36788

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.6AI score0.00153EPSS

Exploits0References2

EUVD•added 2 days ago•4 views

EUVD-2026-36762

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

5.6AI score0.00153EPSS

Exploits0References2