CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

EUVD-2026-33526

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References6

EUVD•added 3 days ago•9 views

EUVD-2026-33525

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References6

EUVD•added 3 days ago•6 views

EUVD-2026-33524

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References6

NVD•added 3 days ago•7 views

CVE-2026-10202

6.5CVSS0.00028EPSS

Exploits0References5

NVD•added 3 days ago•6 views

CVE-2026-10204

6.5CVSS0.00028EPSS

Exploits0References5

NVD•added 3 days ago•7 views

CVE-2026-10203

6.5CVSS0.00028EPSS

Exploits0References5

CNNVD•added 3 days ago•3 views

OFCMS SQL Injection Vulnerability

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SystemParamController.java file within the JSON query interface...

6.5CVSS6.6AI score0.00028EPSS

Exploits0References5

Vulnrichment•added 4 days ago•3 views

CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection

6.5CVSS5.7AI score0.00028EPSS

Exploits0References5

ATTACKERKB•added 4 days ago•7 views

CVE-2026-10204

6.5CVSS6.4AI score0.00028EPSS

Exploits0References5

Cvelist•added 4 days ago•34 views

CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection

6.5CVSS0.00028EPSS

Exploits0References5

ATTACKERKB•added 4 days ago•7 views

CVE-2026-10203

6.5CVSS6.4AI score0.00028EPSS

Exploits0References5

CVE•added 4 days ago•8 views

CVE-2026-10203

The report identifies CVE-2026-10203 affecting OFCMS 1.1.3. The vulnerability lies in the JSON Query Interface: the Query function in OFCMS-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java, which enables SQL injection. This can be triggered remotely, with publ...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References5

ATTACKERKB•added 4 days ago•6 views

CVE-2026-10202

6.5CVSS6.4AI score0.00028EPSS

Exploits0References5

Cvelist•added 4 days ago•27 views

CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection

6.5CVSS0.00028EPSS

Exploits0References5

Positive Technologies•added 4 days ago•7 views

PT-2026-45219

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated remotely. T...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References6

Positive Technologies•added 4 days ago•11 views

PT-2026-45220

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched remotely. T...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References6

CNNVD•added 2026/05/26 12:0 a.m.•3 views

OpenKM SQL注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a SQL injection vulnerability; this vulnerability stems from an unlimited SQL execution flaw, which could all...

8.6CVSS6.2AI score0.00043EPSS

Exploits0References7

NVD•added 2026/04/20 2:16 p.m.•0 views

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS0.00116EPSS

Exploits0References2

Positive Technologies•added 2026/04/19 12:0 a.m.•0 views

PT-2026-33643

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of...

5.3CVSS6AI score0.00116EPSS

Exploits0References9

OSV•added 2026/03/10 6:28 p.m.•3 views

GO-2026-4592 SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel

SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access in github.com/siyuan-note/siyuan/kernel...

8.8CVSS5.9AI score0.00068EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by