Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

80320 matches found

Exploit DB
Exploit DBadded 2026/05/29 12:0 a.m.29 views

MikroORM 7.0.13 - SQL Injection

Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version: @mikro-orm/knex = 6.6.13 / @mikro-orm/sql = 7.0.13 Tested on: Docker / Debian Bookworm...

7.6CVSS5.8AI score0.00783EPSS
Exploits2
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.4 views

PT-2026-44864

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.4 views

PT-2026-44863

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id partai parameter. Attackers can send GET requests to monitor nilai.php with crafted SQL payloads in the id part...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/29 12:0 a.m.6 views

EUVD-2026-33350

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.9AI score0.00027EPSS
Exploits0References3
Packet Storm
Packet Stormadded 2026/05/29 12:0 a.m.25 views

📄 OpenCATS 0.9.7.4 SQL Injection

OpenCATS version 0.9.7.4 suffers from a remote SQL injection vulnerability. Exploit Title: OpenCATS 0.9.7.4 - SQL Injection Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI Vendor Homepage: https://www.opencats.org Software Link: https://github.com/opencats/OpenCATS Version: 1 else...

5.9AI score
Exploits0
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.5 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...

8.8CVSS5.9AI score0.00086EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.7 views

PT-2026-44860

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS5.9AI score0.00086EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.4 views

Mermaid 安全漏洞

Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 have security vulnerabilities. These vulnerabilities arise from the use of the excludes property when rendering Gantt charts; i...

5.3CVSS5.9AI score0.00055EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.6 views

PT-2026-44880

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc types graph.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References5
OSV
OSVadded 2026/05/28 10:39 p.m.4 views

GHSA-C3PX-H233-H6FQ Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...

7.7CVSS6AI score0.00056EPSS
Exploits0References3
NVD
NVDadded 2026/05/28 10:17 p.m.8 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS0.0021EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 9:16 p.m.10 views

CVE-2026-46834

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS0.00047EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 9:16 p.m.6 views

CVE-2026-46835

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS0.00047EPSS
Exploits0References1
NVD
NVDadded 2026/05/28 9:16 p.m.7 views

CVE-2026-46833

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attac...

9CVSS0.0016EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:41 p.m.6 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

6AI score0.0021EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/28 8:41 p.m.7 views

CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 8:41 p.m.9 views

EUVD-2026-33054

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/28 8:20 p.m.5 views

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

9.8CVSS6AI score0.00038EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/28 8:17 p.m.5 views

EUVD-2026-33014

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. Successful attacks of this vulnerability can resul...

7.5CVSS5.8AI score0.00047EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/28 8:17 p.m.7 views

EUVD-2026-33013

Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Net Service. While the vulnerability is in Net Service, attac...

9CVSS5.8AI score0.0016EPSS
Exploits0References1
Rows per page
Query Builder