CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

233591 matches found

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS0.00029EPSS

Exploits1References2

EUVD•added last week•8 views

EUVD-2026-34003

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.00057EPSS

Exploits3References2

Vulnrichment•added last week•7 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

6.5CVSS5.9AI score0.00029EPSS

Exploits1References2

CVE•added last week•10 views

CVE-2026-5074

The CVE concerns the ARMember Premium WordPress plugin. A SQL Injection exists in the get_private_content_data AJAX action via the sSortDir_0 parameter, in all versions up to and including 7.3.1. The user-supplied value is concatenated into the ORDER BY clause without a whitelist, allowing authen...

6.5CVSS5.9AI score0.00029EPSS

Exploits1References2

ATTACKERKB•added last week•5 views

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

7.5CVSS6.9AI score0.00032EPSS

Exploits0References5

Vulnrichment•added last week•5 views

CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

7.5CVSS5.7AI score0.00032EPSS

Exploits0References4

EUVD•added last week•8 views

EUVD-2026-33997

7.5CVSS6.9AI score0.00032EPSS

Exploits0References4

NVD•added last week•9 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS0.00032EPSS

Exploits0References4

Vulnrichment•added last week•7 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

7.5CVSS6.9AI score0.00032EPSS

Exploits0References4

CVE•added last week•11 views

CVE-2026-10606

CVE-2026-10606 affects DedeCMS 5.7.88, specifically the TrimMsg function in /plus/feedback.php (Feedback Handler). Manipulating the msg argument can cause a SQL injection. The issue is exploitable remotely with publicly disclosed exploit material; CVSS metrics indicate network access, low attack ...

7.5CVSS6.9AI score0.00032EPSS

Exploits0References4

ATTACKERKB•added last week•7 views

CVE-2026-10606

7.5CVSS6.9AI score0.00032EPSS

Exploits0References5

NVD•added last week•7 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS0.0004EPSS

Exploits2References6

RedhatCVE•added last week•8 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS5.7AI score0.00037EPSS

Exploits0References1

RedhatCVE•added last week•9 views

CVE-2026-10193

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS5.6AI score0.00031EPSS

Exploits0References1

RedhatCVE•added last week•6 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS5.6AI score0.00044EPSS

Exploits0References1

RedhatCVE•added last week•7 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

9.8CVSS5.9AI score0.00003EPSS

Exploits0References1

RedhatCVE•added last week•7 views

CVE-2026-10251

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS5.6AI score0.00044EPSS

Exploits0References1

RedhatCVE•added last week•10 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00031EPSS

Exploits0References1