CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

Veracode•added 2026/05/15 9:9 p.m.•8 views

Blind SQL Injection

Zabbix is vulnerable to blind SQL injection. The vulnerability is due to improper sanitization of the sortfield parameter in include/classes/api/CApiService.php, which allows a low-privileged user with API access to execute arbitrary SQL select queries and exfiltrate database data through...

8.7CVSS6.2AI score0.00045EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/26 10:17 p.m.•3 views

CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

7.5CVSS0.00048EPSS

Exploits0References6

SUSE CVE•added 2026/03/25 4:54 p.m.•2 views

SUSE CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

8.7CVSS6.1AI score0.00045EPSS

Exploits0References3

EUVD•added 2026/03/24 9:31 p.m.•0 views

EUVD-2026-14955

8.7CVSS6.1AI score0.00045EPSS

Exploits0References2

OSV•added 2026/03/24 7:16 p.m.•2 views

DEBIAN-CVE-2026-23921

8.7CVSS6.1AI score0.00045EPSS

Exploits0References1

NVD•added 2026/03/24 7:16 p.m.•0 views

CVE-2026-23921

8.7CVSS0.00045EPSS

Exploits0References1

OSV•added 2026/03/24 7:16 p.m.•2 views

UBUNTU-CVE-2026-23921

8.7CVSS6.1AI score0.00045EPSS

Exploits0References3

ATTACKERKB•added 2026/03/24 6:28 p.m.•2 views

CVE-2026-23921

8.7CVSS6.1AI score0.00045EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/24 6:28 p.m.•15 views

CVE-2026-23921 Blind, read-only SQL injection in Zabbix API via sortfield parameter

8.7CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/24 6:28 p.m.•2 views

CVE-2026-23921 Blind, read-only SQL injection in Zabbix API via sortfield parameter

8.7CVSS6.1AI score0.00045EPSS

Exploits0References1

CVE•added 2026/03/24 6:28 p.m.•7 views

CVE-2026-23921

CVE-2026-23921 concerns a blind SQL injection in Zabbix’s API layer. A low-privilege Zabbix user with API access can target include/classes/api/CApiService.php via the sortfield parameter to perform arbitrary SQL selects. While results are not returned directly, an attacker can exfiltrate data th...

8.7CVSS6.1AI score0.00045EPSS

Exploits0References1

CNNVD•added 2026/03/24 12:0 a.m.•3 views

Zabbix 安全漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from SQL injection in the sortfield paramete...

8.7CVSS5.9AI score0.00045EPSS

Exploits0References3

RedhatCVE•added 2026/02/28 7:47 a.m.•3 views

CVE-2026-3287

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

9.8CVSS6.4AI score0.00013EPSS

Exploits1References1

RedhatCVE•added 2025/10/20 6:23 p.m.•3 views

CVE-2025-11911

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

8.8CVSS6.5AI score0.00044EPSS

Exploits1References1

CVE•added 2025/10/17 7:32 p.m.•8 views

CVE-2025-11911

CVE-2025-11911 affects Shenzhen Ruiming Technology’s Streamax Crocus 1.3.40. The vulnerability resides in the function handling the URL path /DeviceFault.do?Action=Query, where manipulating the argument sortField triggers a SQL injection. It is exploitable remotely, and public exploits exist. Mul...

8.8CVSS6.7AI score0.00044EPSS

Exploits1References4Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-3760

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01997EPSS

Exploits0References5

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2018-9019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to...

9.8CVSS8.8AI score0.01997EPSS

Exploits0References2

NVD•added 2025/07/14 8:15 p.m.•4 views

CVE-2025-53639

MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. Th...

9.8CVSS0.00317EPSS

Exploits0References1

OSV•added 2025/07/14 8:4 p.m.•1 views

CVE-2025-53639 Metersphere has SQL Injection Vulnerability in Sorting Field

7.2CVSS7.8AI score0.00317EPSS

Exploits0References3

Positive Technologies•added 2025/07/14 12:0 a.m.•1 views

PT-2025-29510 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 3.6.5-lts Description: MeterSphere, a continuous testing platform, contains a flaw due to improper validation or sanitization of the sortField parameter in specific API endpoints. This allows attackers to inject...

7.2CVSS7.4AI score0.00317EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by