Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216212 matches found

Vulnrichment
Vulnrichmentadded 2026/05/26 7:0 p.m.6 views

CVE-2026-9573 itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
NVD
NVDadded 2026/05/26 6:16 p.m.12 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00387EPSS
Exploits1References1
Patchstack
Patchstackadded 2026/05/26 5:33 p.m.6 views

WordPress EnvíaloSimple: Email Marketing y Newsletters plugin <= 2.4.5 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin EnvíaloSimple versions = 2.4.5...

4.9CVSS5.9AI score0.00294EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/05/26 5:16 p.m.10 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.00949EPSS
Exploits2References5
NVD
NVDadded 2026/05/26 5:16 p.m.10 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

9.8CVSS0.0031EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 5:16 p.m.8 views

CVE-2025-36220

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

9.8CVSS0.00443EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/26 5:7 p.m.43 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS0.00227EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 5:7 p.m.4 views

CVE-2026-44706

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/26 5:7 p.m.6 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/26 5:7 p.m.11 views

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
CVE
CVEadded 2026/05/26 5:7 p.m.16 views

CVE-2026-44706

Chatwoot (versions 2.2.0–4.11.1) is affected by a SQL injection in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, values are interpolated directly into the SQL query without parameterizatio...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
CVE
CVEadded 2026/05/26 5:1 p.m.30 views

CVE-2026-46624

CVE-2026-46624 affects Twenty CRM (open source). From 1.7.7 to 1.16.7, a critical Remote Code Execution (RCE) exists via a chained SQL Injection and a PostgreSQL COPY TO PROGRAM attack. If the PostgreSQL user is a super user, any authenticated user can execute arbitrary OS commands on the databas...

9.9CVSS6.2AI score0.00387EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/26 5:1 p.m.26 views

CVE-2026-46624 Twenty: SQL Injection via the timeZone field

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 5:1 p.m.5 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00387EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/05/26 4:49 p.m.35 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.00949EPSS
Exploits2References5
EUVD
EUVDadded 2026/05/26 4:49 p.m.7 views

EUVD-2026-31893

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.00949EPSS
Exploits2References5
Vulnrichment
Vulnrichmentadded 2026/05/26 4:49 p.m.6 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.00949EPSS
Exploits2References5
ATTACKERKB
ATTACKERKBadded 2026/05/26 4:49 p.m.5 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS6AI score0.00949EPSS
Exploits2References6Affected Software3
CVE
CVEadded 2026/05/26 4:49 p.m.13 views

CVE-2026-44680

MikroORM is vulnerable to SQL injection via runtime-controlled identifiers and JSON-path keys. The root cause is improper escaping in the identifier-quoting helper (Platform.quoteIdentifier and PostgreSQL/MSSQL overrides) and in JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey)...

7.6CVSS6AI score0.00949EPSS
Exploits2References5
Cvelist
Cvelistadded 2026/05/26 4:46 p.m.38 views

CVE-2026-35221 Joomla! Core - [20260506] - Authenticated blind SQLi in com_finder

Improperly built filter clauses lead to a SQL injection vulnerability in the search query for comfinder...

6.9CVSS0.0031EPSS
Exploits0References1
Rows per page
Query Builder