CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 14 hours ago•57 views

Stash < 0.26.0 - SQL Injection

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. id: CVE-2024-32231 info: name: Stash Stash" tags: cve,cve2024,stash,sqli,vuln http: - raw: - | POST /graphql HTTP/1.1 Host: Hostname Content-type: application/json...

6.3CVSS5.8AI score0.01179EPSS

Exploits0References5

CVE•added yesterday•16 views

CVE-2026-47375

CVE-2026-47375 (NocoDB) : A Postgres-backed deployment is vulnerable to authenticated SQL injection through the ARRAYSORT formula when a user with columnAdd permission supplies a malicious second argument. The issue arises because the attacker-controlled value is embedded into a knex.raw ORDER BY...

6CVSS6AI score0.00027EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. Redis does not correctly identify keys accessed using SORTRO. As a result, it may grant users who execute this command access to keys that are not explicitly authorized by the ACL configuration. This issue exists in Redis 7.0 or later...

3.3CVSS6.3AI score0.0034EPSS

NVD•added 6 days ago•9 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS

CVE•added 6 days ago•22 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS

EUVD•added 6 days ago•10 views

EUVD-2026-37844

4.9CVSS5.8AI score0.00369EPSS

Cvelist•added 6 days ago•22 views

CVE-2026-11360 Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter

4.9CVSS0.00369EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•8 views

CVE-2026-41719

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS5.5AI score0.00202EPSS

RedhatCVE•added 2026/06/11 2:59 a.m.•9 views

CVE-2026-41711

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...

5.9CVSS5.4AI score0.0028EPSS

RedhatCVE•added 2026/06/10 8:59 a.m.•10 views

CVE-2026-8940

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

4.3CVSS5.4AI score0.00128EPSS

Snyk•added 2026/06/10 1:13 a.m.•4 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the SpelPropertyComparator function. An attacker can execute arbitrary SpEL expressions by supplying crafted input t...

6.4CVSS5.7AI score0.00202EPSS

Snyk•added 2026/06/10 1:13 a.m.•8 views

Denial of Service (DoS)

Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS in the parsing of Sort parameters. An attacker can cause a stack overflo...

8.2CVSS5.6AI score0.0028EPSS

EUVD•added 2026/06/10 12:31 a.m.•10 views

EUVD-2026-35901

6.4CVSS5.5AI score0.00202EPSS

EUVD•added 2026/06/10 12:31 a.m.•7 views

EUVD-2026-35897

5.9CVSS5.4AI score0.0028EPSS

NVD•added 2026/06/10 12:16 a.m.•11 views

CVE-2026-41711

5.9CVSS0.0028EPSS

NVD•added 2026/06/10 12:16 a.m.•11 views

CVE-2026-41719

6.4CVSS0.00202EPSS

CNNVD•added 2026/06/10 12:0 a.m.•10 views

VMware Spring Data KeyValue和VMware Spring Data Redis 安全漏洞

VMware Spring Data KeyValue and VMware Spring Data Redis are both products of the American company VMware. VMware Spring Data KeyValue is a key-value storage data access framework. VMware Spring Data Redis is a Redis data access framework. Both VMware Spring Data KeyValue and VMware Spring Data...

6.4CVSS5.4AI score0.00202EPSS

CNNVD•added 2026/06/10 12:0 a.m.•10 views

VMware Spring Data Commons 资源管理错误漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation. There is a resource management vulnerability in VMware Spring Data Commons, which may lead to a StackOverflowException during the parsing of Sort parameters, resulting in a denial-of-service attack...

5.9CVSS5.3AI score0.0028EPSS