CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/22 9:14 a.m.•22 views

CVE-2026-25606 SQL Injection in STER

8.7CVSS0.00034EPSS

OSV•added 2026/05/22 8:47 a.m.•4 views

BIT-MEMCACHED-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.00085EPSS

Exploits0References4

Vulnrichment•added 2026/05/22 7:50 a.m.•3 views

CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

4.3CVSS5.8AI score0.00034EPSS

Exploits0References8

Vulnrichment•added 2026/05/22 2:28 a.m.•6 views

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'searchkey' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...

7.5CVSS5.9AI score0.00084EPSS

Cvelist•added 2026/05/22 2:28 a.m.•35 views

CVE-2026-4834 WP ERP Pro <= 1.5.1 - Unauthenticated SQL Injection via 'search_key' Parameter

7.5CVSS0.00084EPSS

CVE•added 2026/05/22 2:28 a.m.•13 views

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

7.5CVSS5.9AI score0.00084EPSS

CNNVD•added 2026/05/22 12:0 a.m.•5 views

WordPress plugin Vedrixa Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00034EPSS

Exploits0References8

Tenable Nessus•added 2026/05/22 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impac...

6.5CVSS5.8AI score0.00019EPSS

Tenable Nessus•added 2026/05/22 12:0 a.m.•3 views

Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016748)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016748 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

8.5CVSS7.7AI score0.53591EPSS

Exploits9References4

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42810

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.4 Description An unauthenticated SQL injection exists in the Bazar form-import functionality. An unauthenticated visitor can inject arbitrary SQL into an INSERT statement via the FormManager::create function. This...

9.8CVSS6AI score

Exploits0References7

NVD•added 2026/05/21 6:16 p.m.•10 views

CVE-2026-48241

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php a public-facing database utility that are committed to the source repository. Any actor with access to the public source tree or an unauthenticated attacker with read access to the file on a deployed...

9.2CVSS0.00068EPSS

NVD•added 2026/05/21 6:16 p.m.•12 views

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

9.2CVSS0.00052EPSS

NVD•added 2026/05/21 6:16 p.m.•6 views

CVE-2026-48233

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

NVD•added 2026/05/21 6:16 p.m.•7 views

CVE-2026-48239

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tickid POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query...

NVD•added 2026/05/21 6:16 p.m.•6 views

CVE-2026-48231

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters tablename, indexname, sortby are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated...

NVD•added 2026/05/21 6:16 p.m.•5 views

CVE-2026-48232

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif...