CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42761

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

CVE•added 2026/05/27 9:49 a.m.•15 views

CVE-2026-42740

The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range

EUVD•added 2026/05/27 9:49 a.m.•8 views

EUVD-2026-32203

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through = 1.0.5.1...

ATTACKERKB•added 2026/05/27 9:49 a.m.•7 views

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

ATTACKERKB•added 2026/05/27 9:49 a.m.•7 views

CVE-2026-42739

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through = 8.10.7...

7.1CVSS5.8AI score0.00146EPSS

ATTACKERKB•added 2026/05/27 9:49 a.m.•9 views

CVE-2026-42734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through = 1.13.19...

7.1CVSS5.8AI score0.0018EPSS

NVD•added 2026/05/27 9:16 a.m.•10 views

CVE-2026-48968

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

6.5CVSS0.00139EPSS

EUVD•added 2026/05/27 8:48 a.m.•9 views

EUVD-2026-32155

6.5CVSS5.8AI score0.00139EPSS

EUVD•added 2026/05/27 8:35 a.m.•6 views

EUVD-2025-209955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1CVSS5.8AI score0.0018EPSS

ATTACKERKB•added 2026/05/27 8:34 a.m.•11 views

CVE-2025-13167

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific files containing non-sensitive information via unspecified vectors...

5.4CVSS5.8AI score0.00254EPSS

NVD•added 2026/05/27 8:16 a.m.•14 views

CVE-2026-40811

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS

CVE•added 2026/05/27 8:0 a.m.•13 views

CVE-2026-40850

CVE-2026-40850 describes an unauthenticated SQL injection in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command, leading to total loss of confidentiality. The vulnerability is shown with CVSS 3.1 base score 7.5 (NETWORK, LOW complexity, NONE pri...

8.7CVSS5.9AI score0.00412EPSS

EUVD•added 2026/05/27 7:59 a.m.•11 views

EUVD-2026-32148

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the useralarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00274EPSS

CVE•added 2026/05/27 7:56 a.m.•13 views

CVE-2026-40835

CVE-2026-40835 describes an unauthenticated SQL Injection in the saveObjectFromData function, exploitable by a low-privileged remote attacker. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total confidentiality loss. Documents from NVD and CVE lists conf...

7.1CVSS5.9AI score0.00262EPSS

EUVD•added 2026/05/27 7:38 a.m.•6 views

EUVD-2026-32110

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43557

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43550

8.7CVSS5.9AI score0.0032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43597

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00324EPSS