CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216283 matches found

Positive Technologies•added 2026/05/06 12:0 a.m.•7 views

PT-2026-41366

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An unauthenticated SQL injection exists in the BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods. The issue occurs when unsanitized User-Agent headers are interpolated into...

9.8CVSS5.8AI score0.01306EPSS

Exploits0References13

Positive Technologies•added 2026/05/06 12:0 a.m.•7 views

PT-2026-37435

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5CVSS5.9AI score0.00336EPSS

Exploits0References3

Tenable Nessus•added 2026/05/06 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject...

8.1CVSS5.9AI score0.00455EPSS

Exploits0References3

RedhatCVE•added 2026/05/05 8:21 p.m.•4 views

CVE-2026-7744

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS6.3AI score0.00192EPSS

Exploits0References1

RedhatCVE•added 2026/05/05 8:21 p.m.•6 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

8.8CVSS5.7AI score0.0033EPSS

Exploits0References1

RedhatCVE•added 2026/05/05 8:21 p.m.•5 views

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS

Exploits0References1

RedhatCVE•added 2026/05/05 8:21 p.m.•3 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS6.8AI score0.00259EPSS

Exploits0References1

NVD•added 2026/05/05 8:16 p.m.•4 views

CVE-2026-44331

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...

8.1CVSS0.00455EPSS

Exploits0References2

NVD•added 2026/05/05 8:16 p.m.•4 views

CVE-2026-40331

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS0.00317EPSS

Exploits0References1

OSV•added 2026/05/05 8:16 p.m.•1 views

DEBIAN-CVE-2026-44331

8.1CVSS6AI score0.00455EPSS

Exploits0References1

NVD•added 2026/05/05 8:16 p.m.•5 views

CVE-2026-40329

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3CVSS0.00302EPSS

Exploits0References1

UbuntuCve•added 2026/05/05 8:16 p.m.•6 views

CVE-2026-44331

8.1CVSS6AI score0.00455EPSS

Exploits0References3

EUVD•added 2026/05/05 7:48 p.m.•3 views

EUVD-2026-27482

9.3CVSS5.9AI score0.00317EPSS

Exploits0References1

ATTACKERKB•added 2026/05/05 7:48 p.m.•2 views

CVE-2026-40331

9.3CVSS5.9AI score0.00317EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/05 7:48 p.m.•4 views

CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API

9.3CVSS5.9AI score0.00317EPSS

Exploits0References1

Cvelist•added 2026/05/05 7:48 p.m.•32 views

CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API

9.3CVSS0.00317EPSS

Exploits0References1

EUVD•added 2026/05/05 7:46 p.m.•4 views

EUVD-2026-27480

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

9.3CVSS6.5AI score0.00425EPSS

Exploits0References1

ATTACKERKB•added 2026/05/05 7:46 p.m.•3 views

CVE-2026-40330

9.3CVSS6.5AI score0.00425EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/05 7:44 p.m.•3 views

CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed

9.3CVSS6AI score0.00302EPSS

Exploits0References1

Cvelist•added 2026/05/05 7:44 p.m.•34 views

CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed