CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 4 days ago•6 views

CVE-2017-20269

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

Exploits0References4Affected Software1

CVE•added 4 days ago•7 views

CVE-2017-20269

Summary: CVE-2017-20269 affects Joomla! KissGallery 1.0.0 and is a SQL injection via the component URL path. Vulnerability details: Unauthenticated attackers can inject SQL code through the kissgallery endpoint to execute arbitrary database queries and potentially access sensitive data. The provi...

EUVD•added 4 days ago•5 views

EUVD-2017-18995

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads t...

EUVD•added 4 days ago•5 views

EUVD-2017-18983

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

CVE•added 4 days ago•10 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 is affected by an SQL injection via the invite parameter, allowing unauthenticated attackers to run arbitrary SQL through crafted GET requests and potentially read sensitive database information. Impact is high (unauthenticated, network access, data confidentialit...

NVD•added 2026/06/15 8:16 p.m.•6 views

CVE-2026-47835

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS0.00421EPSS

Vulnrichment•added 2026/06/15 6:54 p.m.•3 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

8.6CVSS5.7AI score0.00421EPSS

CVE•added 2026/06/15 6:54 p.m.•13 views

CVE-2026-47835

In Spring AI Vector Stores, the vulnerability arises from improper handling of special characters that could lead to arbitrary query execution in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components are spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfi...

8.6CVSS5.6AI score0.00421EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/15 6:54 p.m.•40 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

8.6CVSS0.00421EPSS

Snyk•added 2026/06/12 12:0 a.m.•5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00421EPSS

Exploits0References2

EUVD•added 2026/06/10 2:31 p.m.•8 views

EUVD-2026-36050

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS

Exploits0References2

Positive Technologies•added 2026/06/10 12:0 a.m.•12 views

PT-2026-48453

A missing authentication check on the Aix‑DB "/llm/process llm out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

7.1CVSS6AI score0.00195EPSS

Exploits0References3

Vulnrichment•added 2026/06/09 11:48 a.m.•8 views

CVE-2017-20249 WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS6.1AI score0.00295EPSS

Exploits0References3

EUVD•added 2026/06/09 11:48 a.m.•9 views

EUVD-2016-10876

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

7.1CVSS6AI score0.00221EPSS

Exploits0References5

NVD•added 2026/06/09 1:16 a.m.•10 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS0.00148EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•12 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS6.1AI score0.00262EPSS