CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216133 matches found

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS5.7AI score0.00153EPSS

Exploits0References1

Cvelist•added 2 days ago•28 views

CVE-2026-50890

0.00153EPSS

Exploits0References1

Positive Technologies•added 2 days ago•7 views

PT-2026-49211

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS6.1AI score0.0027EPSS

Exploits0References5

Positive Technologies•added 2 days ago•8 views

PT-2026-49207

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8CVSS6.1AI score0.0024EPSS

Exploits0References4

Cvelist•added 2 days ago•24 views

CVE-2026-39196

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

0.00153EPSS

Exploits0References1

Positive Technologies•added 2 days ago•6 views

PT-2026-49387

Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

Positive Technologies•added 2 days ago•4 views

PT-2026-49395

Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

Positive Technologies•added 2 days ago•11 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS

Exploits0References4

Positive Technologies•added 2 days ago•5 views

PT-2026-49298

RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...

5.8AI score0.00277EPSS

Exploits1References2

Positive Technologies•added 2 days ago•7 views

PT-2026-49206

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...

8.8CVSS6.2AI score0.00302EPSS

Exploits0References4

Positive Technologies•added 2 days ago•4 views

PT-2026-49302

Name of the Vulnerable Software and Affected Versions Vector versions prior to 0.55.0 Description The ClickHouse sink contains a SQL/identifier injection flaw. The software escaped the table identifier but interpolated the database value raw into the INSERT statement, allowing a crafted database...

9.8CVSS5.4AI score0.00153EPSS

Exploits0References3

Positive Technologies•added 2 days ago•6 views

PT-2026-49518

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

9.3CVSS5.7AI score0.00297EPSS

Exploits0References2

Positive Technologies•added 2 days ago•6 views

PT-2026-49410

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS5.7AI score0.00251EPSS

Exploits0References2

Cvelist•added 2 days ago•25 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00277EPSS

Exploits1References1

Positive Technologies•added 2 days ago•8 views

PT-2026-49466

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

9.3CVSS5.7AI score0.00291EPSS

Exploits0References2

Positive Technologies•added 2 days ago•5 views

PT-2026-49355

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS5.7AI score0.00253EPSS

Exploits0References2

Positive Technologies•added 2 days ago•9 views

PT-2026-49306

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVEST SITE SCHEDULE via string...

9.8CVSS5.7AI score0.0037EPSS

Exploits0References3

Positive Technologies•added 2 days ago•7 views

PT-2026-49487

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS5.7AI score0.00332EPSS

Exploits0References2

Positive Technologies•added 2 days ago•5 views

PT-2026-49493

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

8.5CVSS5.7AI score0.00332EPSS

Exploits0References2