55 matches found

RedhatCVE
added 2026/05/28 8:12 p.m., 5 views

CVE-2026-49046

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

CVSS 8.5, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 1

Cvelist
added 2026/05/27 2:49 p.m., 33 views

CVE-2026-49046 WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

CVSS 8.5, EPSS 0.00033
Exploits: 0, References: 1

Positive Technologies
added 2026/05/27 12:00 a.m., 3 views

PT-2026-44024

Name of the Vulnerable Software and Affected Versions: Duplicate Page and Post versions prior to 2.9.6. Description: Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return the...

CVSS 8.5, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 4

Cvelist
added 2026/01/23 2:28 p.m., 28 views

CVE-2026-24581 WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5...

CVSS 5.4, EPSS 0.00069
Exploits: 0, References: 1

CNNVD
added 2026/01/23 12:00 a.m., 2 views

WordPress plugin Points and Rewards for WooCommerce has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.4, AI score 5.8, EPSS 0.00069
Exploits: 0, References: 1

Snyk
added 2025/11/19 9:00 p.m., 3 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the display parameter in API requests. An attacker can execute arbitrary SQL commands by supplying crafted input to t...

CVSS 8.8, AI score 8.3, EPSS 0.00012
Exploits: 0, References: 2

CNNVD
added 2025/11/19 12:00 a.m., 0 views

OpenSTAManager SQL injection vulnerability

OpenSTAManager is an open source management software for technical assistance and billing from Devcode Open Source. A SQL injection vulnerability exists in OpenSTAManager versions prior to 2.9.5. The vulnerability stems from a SQL injection in the API, which could cause an arbitrary user to execu...

CVSS 8.8, AI score 7.8, EPSS 0.00012
Exploits: 0, References: 1

Positive Technologies
added 2025/11/19 12:00 a.m., 5 views

PT-2025-47519

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.5. Description: OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection flaw exists in the API that allows authenticated users to execute arbitrary SQL queries,...

CVSS 8.8, AI score 7.6, EPSS 0.00012
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-11122

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.00255
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-4188

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00334
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-11119

Malware in sbrugna...

CVSS 4.9, AI score 5.1, EPSS 0.00256
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-26645

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.0028
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 0 views

EUVD-2025-11782

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7.7, EPSS 0.0016
Exploits: 0, References: 1

RedhatCVE
added 2025/09/05 9:31 p.m., 2 views

CVE-2025-8268

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...

CVSS 6.5, AI score 5.5, EPSS 0.0028
Exploits: 0, References: 1

Cvelist
added 2025/09/03 8:24 p.m., 4 views

CVE-2025-8268 Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion

The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the restlist and deletefiles functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded ...

CVSS 6.5, EPSS 0.0028
Exploits: 0, References: 4

RedhatCVE
added 2025/05/22 4:27 p.m., 4 views

CVE-2020-19217

SQL Injection vulnerability in admin/batchmanager.php in piwigo v2.9.5, via the filtercategory parameter to admin.php?page=batchmanager...

CVSS 8.8, AI score 8.1, EPSS 0.00239
Exploits: 1

RedhatCVE
added 2025/05/22 4:03 p.m., 5 views

CVE-2020-19215

SQL Injection vulnerability in admin/userperm.php in piwigo v2.9.5, via the catfalse parameter to admin.php?page=userperm...

CVSS 8.8, AI score 8.1, EPSS 0.00255
Exploits: 1

RedhatCVE
added 2025/05/22 3:17 p.m., 6 views

CVE-2020-19213

SQL Injection vulnerability in catmove.php in piwigo v2.9.5, via the selection parameter to movecategories...

CVSS 9.8, AI score 8, EPSS 0.0141
Exploits: 1

RedhatCVE
added 2025/04/25 4:00 p.m., 4 views

CVE-2025-39455

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables ip2location-variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through = 2.9.5...

CVSS 7.1, AI score 7.2, EPSS 0.0016
Exploits: 0, References: 1

NVD
added 2025/04/17 4:15 p.m., 8 views

CVE-2025-39455

Cross-Site Request Forgery (CSRF) vulnerability in IP2Location IP2Location Variables ip2location-variables allows Reflected XSS. This issue affects IP2Location Variables: from n/a through = 2.9.5...

CVSS 7.1, EPSS 0.0016
Exploits: 0, References: 1