CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/12 3:31 a.m.•21 views

EUVD-2026-29371

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00466EPSS

NVD•added 2026/05/12 3:16 a.m.•14 views

CVE-2026-40131

3.4CVSS0.00173EPSS

CVE•added 2026/05/12 2:20 a.m.•16 views

CVE-2026-40131

The CVE-2026-40131 entry concerns the SAP HDI deploy library (@sap/hdi-deploy). Affected component: SQL queries are dynamically constructed from user input without proper parameterization/prepared statements (root cause: lack of parameterization). Impact: confidentiality and availability of the a...

3.4CVSS5.9AI score0.00173EPSS

Cvelist•added 2026/05/12 2:20 a.m.•34 views

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

3.4CVSS0.00173EPSS

Vulnrichment•added 2026/05/12 2:20 a.m.•7 views

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

3.4CVSS5.9AI score0.00173EPSS

ATTACKERKB•added 2026/05/12 2:20 a.m.•7 views

CVE-2026-34260

9.6CVSS5.9AI score0.00466EPSS

CVE•added 2026/05/12 2:20 a.m.•19 views

CVE-2026-34260

Summary of CVE-2026-34260 Affected software: SAP S/4HANA with SAP Enterprise Search for ABAP . Vulnerability: A SQL injection flaw where user-controlled input is directly concatenated into SQL queries and passed to the database without proper validation or sanitization. Impact: If exploited by an...

9.6CVSS5.9AI score0.00466EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-40302

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

9.8CVSS5.8AI score0.00261EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40024

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description When the safe filter is used with variable expansion, subsequent pipelines on the same string are incorrectly treated as safe. This behavior allows unsafe data to be unescaped, which can lead to...

9.1CVSS5.8AI score0.00351EPSS

Exploits0References21

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40016

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through = 11.4.0...

7.7CVSS5.8AI score0.00209EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•19 views

PT-2026-39945

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

7.5CVSS5.9AI score0.00413EPSS

Exploits0References20

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40292

9.8CVSS5.8AI score0.00261EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40277

9.8CVSS5.8AI score0.00261EPSS

CNNVD•added 2026/05/12 12:0 a.m.•7 views

WordPress plugin AI Chatbot & Workflow Automation by AIWU SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00413EPSS

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Fortinet FortiMail SQL注入漏洞

Fortinet FortiMail is a suite of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.5, and 7.2.0 to 7.2.8 of Fortinet FortiMail contain SQL injectio...

7.2CVSS6.1AI score0.00359EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•11 views

PT-2026-40013

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

7.6CVSS5.8AI score0.00226EPSS

CNNVD•added 2026/05/12 12:0 a.m.•5 views

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from SQL injection attacks, and they could allow...

7.2CVSS6.1AI score0.00315EPSS

CNNVD•added 2026/05/12 12:0 a.m.•5 views

WordPress plugin APIExperts Square for WooCommerce SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

8.5CVSS5.9AI score0.00223EPSS

CNNVD•added 2026/05/12 12:0 a.m.•7 views

WordPress plugin Ninja Forms Views SQL注入漏洞

8.5CVSS5.9AI score0.00223EPSS