271681 matches found
CVE-2026-54808 WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4...
CVE-2026-54813
CVE-2026-54813 pertains to the WordPress SureDash plugin (versions up to and including 1.8.0). Summary: Improper neutralization of special elements in SQL commands leading to Blind SQL Injection in SureDash. Affected component: SureDash WordPress plugin; vulnerable to SQL injection in its interac...
CVE-2026-54813 WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...
CVE-2026-54813 WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...
EUVD-2026-37711
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...
EUVD-2026-37708
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...
CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...
CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...
CVE-2026-54815
CVE-2026-54815 affects the WordPress plugin Cargo Shipping Location for WooCommerce (Cargo RD Cargo Shipping Location for WooCommerce) up to version 5.6. The vulnerability is an SQL Injection (blind) caused by improper neutralization of special elements in SQL commands. CVSS v3.1 shows a base sco...
EUVD-2026-37705
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
CVE-2026-54818
The CVE concerns WordPress Slimstat Analytics plugin (versions up to 5.4.11). The issue is a SQL Injection vulnerability caused by improper neutralization of SQL commands, enabling blind SQL injection. The CVSS 3.1 base score is 8.5 (HIGH) with network exploitability, low attack complexity, and n...
CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
CVE-2026-54818 WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11...
CVE-2026-53876
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...
CVE-2026-49073
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...
CVE-2026-27868
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...
CVE-2026-11409
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...
CVE-2026-11410
An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...
CVE-2025-59872
HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...
CVE-2026-54819
CVE-2026-54819 affects WordPress Listdom plugin (vendor: Webilia Inc.), vulnerable through versions up to 5.4.0 due to improper neutralization of SQL commands, enabling Blind SQL Injection. CVSS 3.1 base score 9.3 (CRITICAL); attack vector NETWORK, attack complexity LOW, privileges NONE, user int...