CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 6 hours ago•5 views

CVE-2026-44792 n8n: Source Control Pull SQL Injection

8.9CVSS0.0004EPSS

EUVD•added 6 hours ago•4 views

EUVD-2026-38486

8.9CVSS5.9AI score0.0004EPSS

AstraLinux•added 4 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a potential NULL pointer dereference in the atomctrlgetsmcsclkrangetable function. The function atomctrlgetsmcsclkrangetable does not check the return value of smuatomgetdatatable. If smuatomgetdatatable fails t...

5.5CVSS6.2AI score0.00201EPSS

CVE•added 4 days ago•12 views

CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

6.5CVSS5.6AI score

Cvelist•added 2026/06/15 1:30 a.m.•31 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.00196EPSS

Vulnrichment•added 2026/06/15 1:30 a.m.•6 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

6.5CVSS6.2AI score0.00196EPSS

EUVD•added 2026/06/15 1:30 a.m.•8 views

EUVD-2026-36680

6.5CVSS6.3AI score0.00196EPSS

CVE•added 2026/06/15 1:30 a.m.•17 views

CVE-2026-12206

Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...

6.5CVSS6.3AI score0.00196EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49166

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data table entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.3AI score0.00196EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:50 p.m.•7 views

CVE-2026-7083

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

5.8CVSS5.2AI score0.00253EPSS

Github Security Blog•added 2026/06/05 4:19 p.m.•13 views

NocoDB: SQL Injection via Column Title in Bulk GroupBy

Summary An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...

5.3CVSS5.6AI score0.00032EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/05/19 12:0 a.m.•7 views

CtrlPanel.gg 访问控制错误漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a access control vulnerability. This vulnerability stemmed from multiple administrator controllers exposing unauthorized access to DataTable...

6.5CVSS5.8AI score0.0028EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•10 views

PT-2026-42014

Name of the Vulnerable Software and Affected Versions CtrlPanel versions prior to 1.2.0 Description Multiple admin controllers expose DataTable endpoints that lack authorization checks. This allows any authenticated user, regardless of their assigned role, to access sensitive administrative data...

6.5CVSS5.8AI score0.0028EPSS

Exploits0References6

OSV•added 2026/05/14 4:18 p.m.•4 views

GHSA-MHRX-QHRJ-673W n8n Has a Source Control Pull SQL Injection

Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection ...

8.9CVSS5.8AI score0.0004EPSS

Snyk•added 2026/05/12 9:0 p.m.•9 views

SQL Injection

Overview @n8n/api-types is a fair-code workflow automation platform with native AI capabilities Affected versions of this package are vulnerable to SQL Injection in the process of importing a Data Table JSON file during a Source Control Pull operation. An attacker who can write to the git...

7.5CVSS6AI score0.0004EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: edk2 (UTSA-2026-017475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017475 advisory. BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. Tenable has extracted the...

7.8CVSS6.7AI score0.00427EPSS

Exploits1References4

NVD•added 2026/04/27 4:16 a.m.•5 views

CVE-2026-7083

5.8CVSS0.00253EPSS

EUVD•added 2026/04/27 3:30 a.m.•2 views

EUVD-2026-25766

5.8CVSS5.2AI score0.00253EPSS