CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2776 matches found

EUVD-2026-37711

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0...

8.5CVSS5.6AI score

Exploits0References2

EUVD•added 2 hours ago•4 views

EUVD-2026-37657

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS5.7AI score

Exploits0References2

NVD•added 6 hours ago•2 views

CVE-2026-54809

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10...

9.3CVSS

Exploits0References1

Cvelist•added 11 hours ago•6 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS

Exploits0References1

Cvelist•added 11 hours ago•3 views

CVE-2026-49076 WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS

Exploits0References1

Cvelist•added 11 hours ago•3 views

CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS

Exploits0References1

Cvelist•added 11 hours ago•4 views

CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS

Exploits0References1

Nuclei•added 15 hours ago•24 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS5.7AI score0.01875EPSS

Exploits1References2

EUVD•added 2 days ago•4 views

EUVD-2026-36926

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

EUVD•added 2 days ago•5 views

EUVD-2026-36910

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS5.7AI score0.00253EPSS

Exploits0References2

NVD•added 2 days ago•5 views

CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

9.3CVSS0.00283EPSS

Exploits0References1

EUVD•added 2 days ago•7 views

EUVD-2026-36903

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS5.7AI score0.00349EPSS

Exploits0References1

Positive Technologies•added 2 days ago•10 views

PT-2026-49225

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate quote invoice an...

7.1CVSS5.7AI score0.00226EPSS

Exploits0References5

Positive Technologies•added 2 days ago•8 views

PT-2026-49415

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

Vulnrichment•added 4 days ago•5 views

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS5.1AI score0.00334EPSS

Exploits0References6

Vulnrichment•added 6 days ago•7 views

CVE-2026-39494 WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

9.3CVSS5.6AI score0.0039EPSS

Exploits0References1

NVD•added 6 days ago•10 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS0.00329EPSS

Exploits1References2

Mageia•added 6 days ago•7 views

Updated roundcubemail packages fix security vulnerabilities

Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...

8.1CVSS5.6AI score0.0066EPSS

Exploits1References5