CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.1CVSS5.9AI score0.00274EPSS

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

CNNVD•added 2026/05/27 12:0 a.m.•5 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

7.1CVSS5.9AI score0.00274EPSS

8.7CVSS5.9AI score0.00412EPSS

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin Active Products Tables for WooCommerce SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

9.3CVSS5.8AI score0.00291EPSS

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin Easy Form Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.3CVSS5.9AI score0.00236EPSS

8.7CVSS5.9AI score0.00248EPSS

Pi.Alert SQL注入漏洞

Pi.Alert is a WIFI/LAN intrusion detector developed by the individual developer jokob-sk. Versions of Pi.Alert prior to version 2026-05-07 contained an SQL injection vulnerability. This vulnerability stemmed from improper handling of the action and scansource parameters in requests sent to...

CNNVD•added 2026/05/27 12:0 a.m.•8 views

uzy-ssm-mall 安全漏洞

uzy-ssm-mall Yuzu Cloud E-commerce Mall is an SSM framework developed by the developer ghostxbh. It is used to create e-commerce stores, bookstore stores, and customer management systems. Version 1.1.0 of uzy-ssm-mall contains security vulnerabilities. These vulnerabilities stem from SQL injectio...

5.3CVSS5.9AI score0.00288EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•8 views

itsourcecode Courier Management System SQL注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the file/manageuser.php,...

7.5CVSS7.2AI score0.00254EPSS

8.5CVSS5.9AI score0.0026EPSS

WordPress plugin MasterStudy LMS SQL注入漏洞

7CVSS5.9AI score0.00239EPSS

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

8.7CVSS5.9AI score0.0032EPSS

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

CNNVD•added 2026/05/27 12:0 a.m.•7 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

7.1CVSS5.9AI score0.00274EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43556

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files mb24confi getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43599

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-44024

Name of the Vulnerable Software and Affected Versions Duplicate Page and Post versions prior to 2.9.6 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return the...

8.5CVSS5.9AI score0.00223EPSS

Exploits0References4

ATTACKERKB•added 2026/05/26 11:30 p.m.•4 views

CVE-2026-9606

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manageuser.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be...

Exploits0References5Affected Software1

EUVD•added 2026/05/26 11:30 p.m.•7 views

EUVD-2026-32024

Vulnrichment•added 2026/05/26 11:30 p.m.•10 views

CVE-2026-9606 itsourcecode Courier Management System manage_user.php sql injection

CVE•added 2026/05/26 11:30 p.m.•10 views

CVE-2026-9606

The vulnerability CVE-2026-9606 affects itsourcecode Courier Management System 1.0, specifically the /manage_user.php component. The root cause is manipulation of the ID parameter that leads to a SQL injection, with remote exploitation confirmed and a public exploit disclosed. The CVSS-based data...

NVD•added 2026/05/26 10:16 p.m.•13 views

CVE-2026-9584

A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly a...

7.5CVSS0.00254EPSS