CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/17 12:0 a.m.•6 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from the v parameter being subject to SQL injecti...

8.8CVSS5.9AI score0.00267EPSS

Exploits0References1

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41545

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents id parameter. Attackers can send GET requests to the event add.php page with malicious myevents id values to extrac...

7.1CVSS5.9AI score0.00268EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41590

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41556

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41591

A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for...

5.8CVSS5.6AI score0.00206EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•7 views

PT-2026-41519

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00259EPSS

NVD•added 2026/05/16 4:16 p.m.•9 views

CVE-2021-47954

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS0.00237EPSS

NVD•added 2026/05/16 4:16 p.m.•6 views

CVE-2021-47956

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

NVD•added 2026/05/16 4:16 p.m.•10 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

NVD•added 2026/05/16 4:16 p.m.•19 views

CVE-2020-37243

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

Vulnrichment•added 2026/05/16 3:26 p.m.•9 views

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

7.1CVSS5.9AI score0.00226EPSS

CVE•added 2026/05/16 3:26 p.m.•7 views

CVE-2021-47956

The connected documents identify CVE-2021-47956 as affecting EgavilanMedia PHPCRUD 1.0 and describe a SQL injection vulnerability allowing unauthenticated attackers to manipulate database queries via the firstname parameter. Exploitation details include sending crafted POST requests to insert.php...

8.8CVSS5.9AI score0.00276EPSS

Cvelist•added 2026/05/16 3:26 p.m.•34 views

CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

EUVD•added 2026/05/16 3:26 p.m.•5 views

EUVD-2021-34824

8.8CVSS5.9AI score0.00276EPSS

Vulnrichment•added 2026/05/16 3:26 p.m.•8 views

CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

8.8CVSS5.9AI score0.00276EPSS

Cvelist•added 2026/05/16 3:26 p.m.•27 views

CVE-2021-47954 LayerBB 1.1.4 SQL Injection via search_query Parameter

8.8CVSS0.00237EPSS

EUVD•added 2026/05/16 3:26 p.m.•7 views

EUVD-2021-34841

8.8CVSS5.9AI score0.00237EPSS

CVE•added 2026/05/16 3:25 p.m.•10 views

CVE-2020-37244

Supsystic Membership 1.4.7 (WordPress plugin) contains an SQL injection vulnerability in the badges module, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting payloads through the 'search' and 'sidx' parameters. Attacks can use time-based blind or UNION-based SQL inj...

8.8CVSS6.1AI score0.00276EPSS