CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/16 3:26 p.m.•10 views

EUVD-2021-34830

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit POST requests to the jslmfieldordering page with XSS payloads in the fieldtitle field to execute...

7.2CVSS5.9AI score0.00214EPSS

Vulnrichment•added 2026/05/16 3:26 p.m.•10 views

CVE-2021-47975 WordPress Plugin WP Learn Manager 1.1.2 Stored XSS

7.2CVSS5.9AI score0.00214EPSS

Cvelist•added 2026/05/16 3:26 p.m.•41 views

CVE-2021-47975 WordPress Plugin WP Learn Manager 1.1.2 Stored XSS

7.2CVSS0.00214EPSS

CVE•added 2026/05/16 3:26 p.m.•13 views

CVE-2021-47956

The connected documents identify CVE-2021-47956 as affecting EgavilanMedia PHPCRUD 1.0 and describe a SQL injection vulnerability allowing unauthenticated attackers to manipulate database queries via the firstname parameter. Exploitation details include sending crafted POST requests to insert.php...

ATTACKERKB•added 2026/05/16 3:26 p.m.•6 views

CVE-2021-47956

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

EUVD•added 2026/05/16 3:26 p.m.•8 views

EUVD-2021-34824

Vulnrichment•added 2026/05/16 3:26 p.m.•10 views

CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

ATTACKERKB•added 2026/05/16 3:26 p.m.•7 views

CVE-2021-47954

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS5.9AI score0.00237EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/16 3:26 p.m.•10 views

CVE-2021-47954 LayerBB 1.1.4 SQL Injection via search_query Parameter

8.8CVSS5.9AI score0.00237EPSS

Exploits0References2

CVE•added 2026/05/16 3:26 p.m.•16 views

CVE-2021-47954

LayerBB 1.1.4 contains an unauthenticated SQL injection vulnerability in the search_query parameter. An attacker can send POST requests to /search.php with crafted search_query values (e.g., using CASE WHEN statements) to manipulate queries and extract sensitive database information. No remediati...

8.8CVSS5.9AI score0.00237EPSS

Exploits0References2

ATTACKERKB•added 2026/05/16 3:26 p.m.•7 views

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS5.9AI score0.00673EPSS

CVE•added 2026/05/16 3:26 p.m.•14 views

CVE-2020-37246

The CVE affects the WordPress plugin Supsystic Backup 2.3.9 . A local file inclusion (LFI) flaw arises from manipulating the download parameter in admin.php with directory traversal sequences, enabling unauthenticated attackers to read arbitrary files (e.g., /etc/passwd) and to delete files via t...

6.9CVSS5.9AI score0.00673EPSS

CVE•added 2026/05/16 3:25 p.m.•14 views

CVE-2020-37244

Supsystic Membership 1.4.7 (WordPress plugin) contains an SQL injection vulnerability in the badges module, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting payloads through the 'search' and 'sidx' parameters. Attacks can use time-based blind or UNION-based SQL inj...

8.8CVSS6.1AI score0.00276EPSS

ATTACKERKB•added 2026/05/16 3:25 p.m.•11 views

CVE-2020-37243

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

8.8CVSS6AI score0.00276EPSS

ATTACKERKB•added 2026/05/16 3:25 p.m.•10 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

EUVD•added 2026/05/16 3:25 p.m.•9 views

EUVD-2020-31242

CVE•added 2026/05/16 3:25 p.m.•13 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 (WordPress plugin) contains an SQL injection via the sidx GET parameter in the getListForTbl action. An unauthenticated attacker can send crafted requests to perform boolean-based blind or time-based blind SQL injection to extract data from the database. No remediat...

Cvelist•added 2026/05/16 3:25 p.m.•39 views

CVE-2020-37242 WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx

8.8CVSS0.00276EPSS

Vulnrichment•added 2026/05/16 3:25 p.m.•8 views

CVE-2020-37242 WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx