CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: USB: Fixed an error in the warning message for incorrect direction handling in plusb.c. The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was incorrectly processed as a read...

5.5CVSS6AI score0.00251EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

7.8CVSS6.7AI score0.00166EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fixed a bug in the pipe direction for control transfers. The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: The BOGUS control direction, pipe 80001e80, does not match bRequestType 0. WARNING: CPU: ...

7.8CVSS5.4AI score0.0026EPSS

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/cmdnet: fixed incorrect argument types for skbqueuesplice. If retrying timestamp retrieval is necessary and the local list of SKBs already contains entries, then those entries are spliced back into the socket queue...

5.6AI score0.00145EPSS

Exploits0References1

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a warning in copyfromiter. Syzkaller reported a warning in copyfromiter because an ioviter was supposedly used in the wrong direction. The reason is that Syzkaller managed to generate a request with a transfer...

5.5CVSS5AI score0.00225EPSS

NVD•added last week•9 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS

EUVD•added last week•10 views

EUVD-2026-37844

4.9CVSS5.8AI score0.00369EPSS

Cvelist•added last week•22 views

CVE-2026-11360 Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter

4.9CVSS0.00369EPSS

CVE•added last week•23 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS

GithubExploit•added 2026/06/09 1:19 p.m.•47 views

Exploit for CVE-2026-00000

CVE-2026-00000 Boolean-blind SQL injection Description...

5.6AI score

Exploits1

RedhatCVE•added 2026/06/05 7:33 p.m.•7 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS5.7AI score0.00273EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:17 p.m.•6 views

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.8CVSS5.7AI score0.00328EPSS

Exploits1References1

OSV•added 2026/06/05 3:59 p.m.•4 views

GHSA-CXV7-GMMP-228P NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

Summary An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...

6CVSS5.8AI score0.00215EPSS

Exploits0References3

Vulnrichment•added 2026/05/31 12:4 p.m.•11 views

CVE-2026-49489 OpenCATS - SQL Injection in DataGrid sortDirection Parameter

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00263EPSS

EUVD•added 2026/05/31 12:4 p.m.•11 views

EUVD-2026-33501

8.5CVSS5.9AI score0.00263EPSS

CVE•added 2026/05/31 12:4 p.m.•23 views

CVE-2026-49489

OpenCATS up to version 0.9.7.4 is affected by an SQL injection in the DataGrid sortDirection parameter, enabling an authenticated user to exfiltrate data via ajax/getDataGridPager.php. The underlying issue is a vulnerable sortDirection parameter that allows time-based blind injections, potentiall...

8.5CVSS5.9AI score0.00263EPSS

NVD•added 2026/05/29 8:16 a.m.•16 views

CVE-2026-9243

6.4CVSS0.00273EPSS

Cvelist•added 2026/05/29 6:43 a.m.•29 views

CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter

6.4CVSS0.00273EPSS