1174 matches found
CVE-2026-27681
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...
PT-2026-32560
Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation (affected versions not specified); SAP Business Warehouse (affected versions not specified). Description: Insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse...
CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via PO...
CVE-2026-32950
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user, even the...
MCP MariaDB Server Security Vulnerability
MCP MariaDB Server is a server implementation of the MariaDB open-source large language model context protocol. Versions of MCP MariaDB Server 11.8.5 and earlier contain security vulnerabilities. These vulnerabilities arise when the server audit plugin is enabled and specific filtering events are...
Input Validation Bypass
Apache Superset is vulnerable to Input Validation Bypass. The vulnerability arises because specially crafted SQL statements can bypass the read-only verification check when using a PostgreSQL database connection, and attackers can exploit it to execute unauthorized actions...
Allocation of Resources Without Limits or Throttling
Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the customquery function. An attacker can cause excessive CPU or memory consumption by submitting crafted prompts that...
CVE-2023-43192
SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statemen...
WordPress Brands for WooCommerce Plugin SQL Injection Vulnerability
WordPress Brands for WooCommerce Plugin is a category of plugins for WordPress websites that specialize in helping WooCommerce online stores manage product brands. WordPress Brands for WooCommerce Plugin suffers from a SQL injection vulnerability that stems from the application's lack of validati...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31061)
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to Google Drive, Dropbox and other cloud storage services, but with the data stored in the...
Beauty Parlour Management System manage-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/manage-services.php. An attacker can...
EUVD-2020-25592
Malware in sbrugna...
EUVD-2004-2255
Malware in sbrugna...
EUVD-2005-0538
Malware in sbrugna...
EUVD-2004-1616
Malware in sbrugna...
EUVD-2002-1440
Malware in sbrugna...
EUVD-2021-26664
Malware in sbrugna...
EUVD-2019-14883
Malware in sbrugna...