CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 17 hours ago•9 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS6.4AI score0.00342EPSS

Exploits0References2

ATTACKERKB•added 2026/05/27 4:28 a.m.•3 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.7AI score0.00032EPSS

Exploits0References6

NVD•added 2026/05/26 3:17 p.m.•12 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS0.00012EPSS

EUVD•added 2026/05/26 2:0 p.m.•9 views

EUVD-2026-31829

ATTACKERKB•added 2026/05/26 2:0 p.m.•5 views

CVE-2026-9552

Exploits0References4Affected Software1

CVE•added 2026/05/26 2:0 p.m.•11 views

CVE-2026-9552

CVE-2026-9552 affects Das Parking Management System 6.2.0, specifically the Search API Endpoint. The vulnerability is a SQL injection triggered by manipulating the Value parameter, allowing remote exploitation. Public exploits exist. The vendor was contacted but did not respond. No remediation de...

Cvelist•added 2026/05/26 2:0 p.m.•34 views

CVE-2026-9552 Das Parking Management System 停车场管理系统 Search API Endpoint sql injection

7.5CVSS0.00012EPSS

Vulnrichment•added 2026/05/26 2:0 p.m.•5 views

CVE-2026-9552 Das Parking Management System 停车场管理系统 Search API Endpoint sql injection

CNNVD•added 2026/05/26 12:0 a.m.•4 views

Das Parking Management System SQL注入漏洞

Das Parking Management System is a parking management system developed by Das Real Technology Co., Ltd. Version 6.2.0 of Das Parking Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of parameters during the execution of code in the Search API...

7.5CVSS7.3AI score0.00012EPSS

CNNVD•added 2026/05/14 12:0 a.m.•5 views

SiYuan 安全漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained security vulnerabilities. These vulnerabilities were caused by ineffective access control for search APIs under certain deployment scenarios, which could lead to the...

4.3CVSS5.8AI score0.00009EPSS

Exploits0References2

NVD•added 2026/04/28 1:16 a.m.•0 views

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcpserver.py of the component Git Search API. Executing a manipulation of the argument repourl/pattern can lead to command injection. The attack can be executed remotel...

7.5CVSS0.0212EPSS

Vulnrichment•added 2026/04/28 1:0 a.m.•0 views

CVE-2026-7211 dvladimirov MCP Git Search API mcp_server.py GitSearchRequest command injection

7.5CVSS7.1AI score0.0212EPSS

CVE•added 2026/04/28 1:0 a.m.•11 views

CVE-2026-7211

CVE-2026-7211 affects the dvladimirov MCP project (up to version 0.1.0) with a vulnerability in the Git Search API. The flaw is exposed in the function GitSearchRequest within mcp_server.py, where manipulating the argument repo_url/pattern can trigger a command injection. The issue is exploitable...

7.5CVSS7.2AI score0.0212EPSS

EUVD•added 2026/04/28 1:0 a.m.•1 views

EUVD-2026-25964

7.5CVSS7.2AI score0.0212EPSS