CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

472 matches found

ATTACKERKB•added 2026/01/20 9:56 p.m.•4 views

CVE-2026-21939

Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromise SQLcl. Successful attacks require human...

7CVSS7.2AI score0.00172EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/01/09 12:37 p.m.•6 views

CVE-2023-49429

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules...

9.8CVSS8.3AI score0.02411EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:25 p.m.•6 views

CVE-2018-12039

joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...

9.8CVSS8.4AI score0.04679EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:40 a.m.•4 views

CVE-2022-35599

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode...

9.8CVSS8.7AI score0.00758EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:33 a.m.•8 views

CVE-2024-39843

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs...

6.7CVSS8.5AI score0.02094EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:47 a.m.•7 views

CVE-2025-23912

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through = 2.3...

8.5CVSS7.3AI score0.00491EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:41 a.m.•10 views

CVE-2022-0258

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

8.8CVSS7.2AI score0.01626EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:41 a.m.•7 views

CVE-2022-0224

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

9.8CVSS7.2AI score0.01995EPSS

Exploits1References1

Tenable Nessus•added 2025/11/13 12:0 a.m.•6 views

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-24407)

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

8.8CVSS7.1AI score0.04123EPSS

Exploits0References4