CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2026/04/16 9:51 a.m.•4 views

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability

Unauthenticated SQL Injection via 'options' Parameter Keys in productdata vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

7.5CVSS6AI score0.00489EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/16 6:31 a.m.•3 views

EUVD-2026-23186

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

7.5CVSS5.9AI score0.00489EPSS

Exploits0References8

EUVD•added 2026/04/16 6:31 a.m.•6 views

EUVD-2026-23190

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

NVD•added 2026/04/16 6:16 a.m.•4 views

Exploits0References4

CVE-2026-3773

6.5CVSS0.00346EPSS

NVD•added 2026/04/16 6:16 a.m.•6 views

CVE-2026-3599

7.5CVSS0.00489EPSS

Exploits0References7

ATTACKERKB•added 2026/04/16 5:29 a.m.•4 views

CVE-2026-3773

CVE•added 2026/04/16 5:29 a.m.•17 views

Exploits0References4

CVE-2026-3773

CVE-2026-3773 : The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to an SQL Injection via the 'scan_id' parameter in all versions up to and including 4.20 . The root cause is insufficient escaping of user input and inadequate preparation of the existing SQL query. This ca...

Vulnrichment•added 2026/04/16 5:29 a.m.•2 views

CVE-2026-3773 Accessibility Suite by Ability, Inc <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter

Cvelist•added 2026/04/16 5:29 a.m.•31 views

CVE-2026-3599 Riaxe Product Customizer <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data

7.5CVSS0.00489EPSS

Exploits0References7

CVE•added 2026/04/16 5:29 a.m.•13 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is affected by an SQL Injection in the /wp-json/InkXEProductDesignerLite/add-item-to-cart endpoint. The vulnerability involves SQL injection via the keys of the 'options' parameter within 'product_data' for all versions up to 2.1.2. Root cause: in...

7.5CVSS5.9AI score0.00489EPSS

Exploits0References7

Cvelist•added 2026/04/16 12:0 a.m.•23 views

CVE-2026-37341

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managecategory.php...

0.00249EPSS

CVE•added 2026/04/16 12:0 a.m.•7 views

CVE-2026-37338

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in /music/view_user.php. The connected documents confirm the vulnerability but do not provide root-cause details, affected parameters, exploit steps, or remediation in the supplied material. No exploits or patc...

9.4CVSS5.9AI score0.00314EPSS

Positive Technologies•added 2026/04/16 12:0 a.m.•6 views

PT-2026-33319

Name of the Vulnerable Software and Affected Versions ManageEngine PAM360 versions prior to 8531 ManageEngine Password Manager Pro versions 8600 through 13230 Description An authenticated SQL injection exists in the query report module. SQL injection is a type of flaw that allows an attacker to...

8.1CVSS5.8AI score0.01394EPSS

Exploits0References6

CNNVD•added 2026/04/16 12:0 a.m.•8 views

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewuser.php being...

9.4CVSS5.8AI score0.00314EPSS

Vulnrichment•added 2026/04/16 12:0 a.m.•2 views

CVE-2026-37340

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/editmusic.php...

5.8AI score0.0026EPSS

CNNVD•added 2026/04/16 12:0 a.m.•5 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

8.8CVSS5.9AI score0.00328EPSS

Exploits1References1

CNNVD•added 2026/04/16 12:0 a.m.•6 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...

8.8CVSS5.9AI score0.00328EPSS

Exploits1References1

CNNVD•added 2026/04/16 12:0 a.m.•5 views

SourceCodester Payroll Management and Information System 安全漏洞

SourceCodester Payroll Management and Information System is an open-source payroll management and information system developed by SourceCodester. Version 1.0 of SourceCodester Payroll Management and Information System contains a security vulnerability, which stems from the file...

4.7CVSS5.8AI score0.0021EPSS