CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216098 matches found

Positive Technologies•added 2 days ago•8 views

PT-2026-49466

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

9.3CVSS5.7AI score0.00291EPSS

Exploits0References2

Positive Technologies•added 2 days ago•5 views

PT-2026-49355

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS5.7AI score0.00253EPSS

Exploits0References2

Positive Technologies•added 2 days ago•9 views

PT-2026-49306

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert builds an INSERT against HARVEST SITE SCHEDULE via string...

9.8CVSS5.7AI score0.0037EPSS

Exploits0References3

Positive Technologies•added 2 days ago•7 views

PT-2026-49487

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

8.5CVSS5.7AI score0.00332EPSS

Exploits0References2

Positive Technologies•added 2 days ago•5 views

PT-2026-49493

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

8.5CVSS5.7AI score0.00332EPSS

Exploits0References2

Positive Technologies•added 2 days ago•8 views

PT-2026-49490

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS5.7AI score0.00283EPSS

Exploits0References2

Positive Technologies•added 2 days ago•6 views

PT-2026-49504

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

9.3CVSS5.7AI score0.00297EPSS

Exploits0References2

Positive Technologies•added 2 days ago•6 views

PT-2026-49411

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS

Exploits0References2

CVE•added 2 days ago•11 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS5.7AI score0.00153EPSS

Exploits0References1

Packet Storm•added 2 days ago•34 views

📄 FreePBX SQL Injection / Shell Upload / Remote Root

This Python3 script exploits a remote SQL injection vulnerability in FreePBX and adds a remote shell that achieves root privileges. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3...

10CVSS6.3AI score0.8736EPSS

Exploits15

Cvelist•added 3 days ago•23 views

CVE-2026-12188 Grit42 Grit GritEntityController grit_entity_controller.rb sql injection

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

6.5CVSS0.00196EPSS

Exploits0References5

CVE•added 3 days ago•13 views

CVE-2026-12188

Affected software: Grit42 Grit (up to 0.11.0). Vulnerable component: grit_entity_controller.rb (modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb) within GritEntityController. Issue: SQL injection triggered by manipulating a function in the controller; described as...

6.5CVSS6.4AI score0.00196EPSS

Exploits0References5

Vulnrichment•added 3 days ago•4 views

CVE-2026-12188 Grit42 Grit GritEntityController grit_entity_controller.rb sql injection

6.5CVSS6.3AI score0.00196EPSS

Exploits0References5

GithubExploit•added 3 days ago•55 views

TechMyst-Toolkit

TechMyst-Toolkit "An automated Bug...

5.3AI score

Exploits0

Positive Technologies•added 3 days ago•9 views

PT-2026-49145

Name of the Vulnerable Software and Affected Versions Grit42 Grit versions prior to 0.11.0 Description A SQL injection issue exists in the GritEntityController component, specifically within the file modules/core/backend/app/controllers/concerns/grit/core/grit entity controller.rb. This flaw allo...

6.5CVSS6.9AI score0.00196EPSS

Exploits0References7

NVD•added 4 days ago•11 views

CVE-2026-12175

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

5.8CVSS0.00334EPSS

Exploits0References6

Cvelist•added 4 days ago•22 views

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

5.8CVSS0.00334EPSS

Exploits0References6

CVE•added 4 days ago•14 views

CVE-2026-12175

CodeAstro Student Attendance Management System 1.0 is affected. The vulnerability resides in /attendance-php/Admin/createStudents.php where manipulating the admissionNumber parameter enables an SQL injection. It supports remote exploitation and the exploit is public. No remediation or patch detai...

5.8CVSS5.3AI score0.00334EPSS

Exploits0References6

NVD•added 4 days ago•9 views

CVE-2026-6428

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

7.6CVSS0.00244EPSS

Exploits0References3

Cvelist•added 4 days ago•26 views

CVE-2026-6428

7.6CVSS0.00244EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by