CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/28 6:16 a.m.•1 views

CVE-2026-7228

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function getcartcount of the file /admin/ajax.php?action=getcartcount. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS0.00043EPSS

NVD•added 2026/04/28 6:16 a.m.•0 views

CVE-2026-7225

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...

7.5CVSS0.00043EPSS

EUVD•added 2026/04/28 6:3 a.m.•0 views

EUVD-2026-25994

Vulnrichment•added 2026/04/28 6:3 a.m.•1 views

CVE-2026-40967

ATTACKERKB•added 2026/04/28 6:3 a.m.•3 views

CVE-2026-40967

Exploits0References2Affected Software1

CVE•added 2026/04/28 6:3 a.m.•13 views

CVE-2026-40967

Summary : CVE-2026-40967 affects Spring AI 1.0.0–1.0.5 (fix in 1.0.6) and 1.1.0–1.1.4 (fix in 1.1.5). In several FilterExpressionConverter implementations, filter expression keys/values aren’t properly escaped, enabling an attacker to alter vector store queries. This could impact query integrity ...

Exploits0References1Affected Software1

Cvelist•added 2026/04/28 6:3 a.m.•36 views

CVE-2026-40967

8.6CVSS0.00031EPSS

Cvelist•added 2026/04/28 5:15 a.m.•33 views

CVE-2026-7228 SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection

7.5CVSS0.00043EPSS

CVE•added 2026/04/28 4:45 a.m.•6 views

CVE-2026-7226

SourceCodester Pizzafy Ecommerce System 1.0 contains a SQL injection in the /admin/ajax.php?action=login2 function (parameter e-mail). Remote exploitation is possible and the exploit has been publicly disclosed. This CVE entry documents a critical vulnerability scenario affecting login handling; ...

7.5CVSS7.2AI score0.00043EPSS

EUVD•added 2026/04/28 4:30 a.m.•5 views

EUVD-2026-25989

7.5CVSS5.5AI score0.00043EPSS

Snyk•added 2026/04/28 2:16 a.m.•1 views

SQL Injection

Overview sqlite-mcp is an A lightweight Model Context Protocol server for allowing LLMs to autonomously interact with SQLite database. Affected versions of this package are vulnerable to SQL Injection via the extracttojson function. An attacker can execute arbitrary SQL commands by manipulating t...

7.5CVSS7.5AI score0.00048EPSS

Exploits0References2

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35662

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete menu of the file /admin/ajax.php?action=delete menu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploi...

7.5CVSS7.3AI score0.00043EPSS

Exploits0References8

Positive Technologies•added 2026/04/28 12:0 a.m.•1 views

PT-2026-35732

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete expired of the file /ajax.php?action=delete expired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit i...

5.8CVSS5.1AI score0.00039EPSS

Exploits0References6

CNNVD•added 2026/04/28 12:0 a.m.•6 views

ProFTPD SQL注入漏洞

ProFTPD is an open-source FTP server software with high configurability developed by ProFTPD. Versions of ProFTPD prior to 1.3.10rc1 contained a SQL injection vulnerability. This vulnerability originated from the modsql module. In scenarios where USER requests with extensions like %U are recorded...

8.1CVSS6.5AI score0.0699EPSS

Exploits6References1

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-37036

Name of the Vulnerable Software and Affected Versions github.com/gofiber/fiber/v3 versions prior to 3.1.0 Description The default key generator in the cache middleware uses only the request path via the c.Path function and excludes the query string. Consequently, requests targeting the same path...

6.5CVSS5.8AI score0.0004EPSS

Exploits1References10

CNNVD•added 2026/04/28 12:0 a.m.•6 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the getcartcount function of the...

7.5CVSS7.2AI score0.00043EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35667

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4 Description Various FilterExpressionConverter implementations fail to properly escape keys and values when translating filter expression objects into specific vector...

8.6CVSS5.8AI score0.00031EPSS

Exploits0References8

CNNVD•added 2026/04/28 12:0 a.m.•5 views

VMware Spring AI SQL注入漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5 and 1.1.0 to 1.1.4 of VMware Spring AI contain SQL injection vulnerabilities. These...

8.8CVSS6.1AI score0.00024EPSS