Lucene search
K

234096 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-37842

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score
Exploits0References11
CVE
CVE
added 2 hours ago7 views

CVE-2026-55740

CVE-2026-55740 affects Nur-Alam39 bus-ticket. The vulnerability is an unauthenticated SQL injection in bus_info.php where the busid parameter from an HTTP POST is concatenated directly into the query: select * from bus_info where id=$busid. This occurs in a numeric context and is not sanitized, e...

9.8CVSS5.9AI score
Exploits0References2
CVE
CVE
added 3 hours ago5 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.9AI score
Exploits0References14
CVE
CVE
added 4 hours ago5 views

CVE-2026-11776

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.9AI score
Exploits0References10
CVE
CVE
added 4 hours ago5 views

CVE-2026-11777

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.9AI score
Exploits0References10
EUVD
EUVD
added yesterday4 views

EUVD-2026-37631

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

9.3CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-37632

Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...

9.3CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-37644

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

9.3CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-37619

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

9.3CVSS5.7AI score
Exploits1References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-37589

Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...

9.3CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-37655

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-37660

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

9.3CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-37552

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References7
EUVD
EUVD
added yesterday4 views

EUVD-2025-210229

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS5.7AI score
Exploits0References2
Patchstack
Patchstack
added yesterday3 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions = 3.9.11...

4.9CVSS5.9AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-35068

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure...

3.5CVSS
Exploits0References1
Patchstack
Patchstack
added yesterday3 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated Shop Manager+ SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.10...

4.9CVSS5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection vulnerability

Authenticated Adminsitrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...

4.9CVSS5.9AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-54812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109...

9.3CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-35069

CVE-2026-35069 affects Dell PowerFlex Manager. The issue is an SQL injection caused by improper neutralization of special elements in SQL commands within the product’s components, allowing a low-privileged, adjacent-network attacker to potentially perform script injection. Impact described includ...

5.7CVSS5.7AI score
Exploits0References1
Rows per page
Query Builder