CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39495

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...

5.9AI score0.00253EPSS

ATTACKERKB•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39497

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through = 1.4.5...

Vulnrichment•added 2026/04/08 8:30 a.m.•4 views

CVE-2026-39495 WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

8.5CVSS5.9AI score0.00253EPSS

CVE•added 2026/04/08 8:30 a.m.•28 views

CVE-2026-39495

CVE-2026-39495 describes an SQL Injection vulnerability in the WordPress plugin Simply Schedule Appointments (NSquared) affecting versions up to 1.6.9.27. The issue is an Improper Neutralization of Special Elements used in an SQL Command, leading to Blind SQL Injection. The connected Red Hat, ENI...

8.5CVSS5.9AI score0.00253EPSS

Cvelist•added 2026/04/08 8:30 a.m.•22 views

CVE-2026-39486 WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through = 5.1.8...

8.5CVSS0.00256EPSS

ATTACKERKB•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39487

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...

5.9AI score0.00271EPSS

ATTACKERKB•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39479

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through = 1.1.20...

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

7.6CVSS5.9AI score0.00264EPSS

ATTACKERKB•added 2026/04/08 8:30 a.m.•0 views

CVE-2026-39466

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31120

CNNVD•added 2026/04/08 12:0 a.m.•3 views

Exploits0References4

WordPress plugin YayMail SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.6CVSS5.9AI score0.00279EPSS

Cvelist•added 2026/04/07 5:38 p.m.•13 views

CVE-2026-39334 ChurchCRM has a Blind SQL injection in SettingsIndividual.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

8.8CVSS0.00253EPSS

Vulnrichment•added 2026/04/07 5:38 p.m.•2 views

CVE-2026-39334 ChurchCRM has a Blind SQL injection in SettingsIndividual.php

8.8CVSS6AI score0.00253EPSS

CVE•added 2026/04/07 5:38 p.m.•5 views

CVE-2026-39334

ChurchCRM contains a blind SQL injection in SettingsIndividual.php affecting 7.0.5, exploitable by authenticated users with low privileges via the type array parameter. The issue allows extraction and modification of database content and is fixed in 7.1.0. The available documents provide the affe...

8.8CVSS6AI score0.00253EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/07 5:34 p.m.•17 views

CVE-2026-39330 ChurchCRM has a Blind SQL injection in PropertyAssign.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Manage Groups & Roles ManageGroups and Edit Records isEditRecordsEnabled can inject arbitrary SQL...

8.8CVSS0.00244EPSS

CVE•added 2026/04/07 5:34 p.m.•7 views

CVE-2026-39330

ChurchCRM (pre-7.1.0) contains a SQL injection in /PropertyAssign.php exploitable by authenticated users with roles Manage Groups & Roles and Edit Records via the Value parameter. The vulnerability can allow arbitrary SQL execution to read/modify database data. It is fixed in 7.1.0; upgrade to 7....

8.8CVSS6AI score0.00244EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/07 5:30 p.m.•12 views

CVE-2026-39326 ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role isMenuOptionsEnabled can inject arbitrary SQL statements through the Name and Description paramete...

8.8CVSS0.00244EPSS