216210 matches found

CNNVD
added 2026/05/16 12:0 a.m., 7 views

WordPress plugin Supsystic Pricing Table SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.8, AI score 6, EPSS 0.00276
Exploits: 0, References: 2

Positive Technologies
added 2026/05/16 12:0 a.m., 7 views

PT-2026-41444

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

CVSS 8.8, AI score 6.1, EPSS 0.00276
Exploits: 0, References: 5

GitHub Security Blog
added 2026/05/15 9:31 p.m., 5 views

Duplicate Advisory: phpMyFAQ has unauthenticated SQL injection via User-Agent header in BuiltinCaptcha

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-289f-fq7w-6q2w. This link is maintained to preserve external references. Original Description: phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and...

CVSS 9.8, AI score 5.5, EPSS 0.01306
Exploits: 0, References: 5, Affected Software: 2

GitHub Security Blog
added 2026/05/15 9:31 p.m., 5 views

Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pm8c-3qq3-72w7. This link is maintained to preserve external references. Original Description: phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated...

CVSS 7.7, AI score 6, EPSS 0.00212
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2026/05/15 9:31 p.m., 4 views

GHSA-P9WC-4PJV-RG82 Duplicate Advisory: phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pm8c-3qq3-72w7. This link is maintained to preserve external references. Original Description: phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated...

CVSS 7.7, AI score 6, EPSS 0.00212
Exploits: 0, References: 3

Veracode
added 2026/05/15 9:9 p.m., 10 views

Blind SQL Injection

Zabbix is vulnerable to blind SQL injection. The vulnerability is due to improper sanitization of the sortfield parameter in include/classes/api/CApiService.php, which allows a low-privileged user with API access to execute arbitrary SQL select queries and exfiltrate database data through...

CVSS 8.7, AI score 6.2, EPSS 0.0024
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2026/05/15 7:57 p.m., 5 views

CVE-2026-44447

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

CVSS 8.8, AI score 5.9, EPSS 0.00307
Exploits: 0, References: 1

RedhatCVE
added 2026/05/15 7:57 p.m., 6 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed ...

CVSS 9.8, AI score 5.9, EPSS 0.01815
Exploits: 0, References: 1

NVD
added 2026/05/15 7:17 p.m., 16 views

CVE-2026-46359

phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

CVSS 7.7, EPSS 0.00212
Exploits: 0, References: 2

NVD
added 2026/05/15 7:17 p.m., 12 views

CVE-2026-46364

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8, EPSS 0.01306
Exploits: 0, References: 3

NVD
added 2026/05/15 7:17 p.m., 11 views

CVE-2026-45800

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The order_by and...

CVSS 8.7, EPSS 0.00265
Exploits: 0, References: 1

EUVD
added 2026/05/15 6:44 p.m., 5 views

EUVD-2026-30582

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The order_by and...

CVSS 8.7, AI score 5.9, EPSS 0.00265
Exploits: 0, References: 1

Vulnrichment
added 2026/05/15 6:44 p.m., 5 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The order_by and...

CVSS 8.7, AI score 5.9, EPSS 0.00265
Exploits: 0, References: 1

CVE
added 2026/05/15 6:44 p.m., 12 views

CVE-2026-45800

Summary: CVE-2026-45800 affects the Vvveb CMS prior to version 1.0.8.3. The vulnerability is an authenticated SQL injection in the frontend order history page (/user/orders). The order_by and direction parameters are taken from the URL, propagated through the Orders component, and directly concat...

CVSS 8.7, AI score 5.9, EPSS 0.00265
Exploits: 0, References: 1

Cvelist
added 2026/05/15 6:44 p.m., 43 views

CVE-2026-45800 Vvveb: Authenticated SQL injection in /user/orders via order_by and direction

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order history page in Vvveb CMS. A normal frontend user can log in and access /user/orders. The order_by and...

CVSS 8.7, EPSS 0.00265
Exploits: 0, References: 1

Cvelist
added 2026/05/15 6:36 p.m., 30 views

CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8, EPSS 0.01306
Exploits: 0, References: 3

EUVD
added 2026/05/15 6:36 p.m., 9 views

EUVD-2026-30601

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8, AI score 5.8, EPSS 0.01306
Exploits: 0, References: 3

Vulnrichment
added 2026/05/15 6:36 p.m., 9 views

CVE-2026-46364 phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...

CVSS 9.8, AI score 5.8, EPSS 0.01306
Exploits: 0, References: 3

CVE
added 2026/05/15 6:36 p.m., 13 views

CVE-2026-46359

CVE-2026-46359 (phpMyFAQ) affects phpMyFAQ prior to 4.1.2. A SQL injection exists in CurrentUser::setTokenData, allowing authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or J...

CVSS 7.7, AI score 6.1, EPSS 0.00212
Exploits: 0, References: 2

Cvelist
added 2026/05/15 6:36 p.m., 42 views

CVE-2026-46359 phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields

phpMyFAQ before 4.1.2 contains a SQL injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...

CVSS 7.7, EPSS 0.00212
Exploits: 0, References: 2