CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS6AI score0.00372EPSS

Exploits0References6

NVD•added 2026/04/11 2:16 a.m.•1 views

CVE-2026-5207

6.5CVSS0.00372EPSS

Exploits0References5

ATTACKERKB•added 2026/04/11 1:24 a.m.•1 views

CVE-2026-5207

6.5CVSS6AI score0.00372EPSS

Exploits0References6

Vulnrichment•added 2026/04/11 1:24 a.m.•5 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

6.5CVSS6AI score0.00372EPSS

Exploits0References5

Snyk•added 2026/04/10 7:30 p.m.•2 views

SQL Injection

Overview @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted input...

8.8CVSS6.2AI score

Exploits0References2

RedhatCVE•added 2026/04/10 7:23 p.m.•4 views

CVE-2026-39497

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through = 1.4.5...

7.6CVSS5.9AI score0.00279EPSS

Exploits0References1

RedhatCVE•added 2026/04/10 7:23 p.m.•3 views

CVE-2026-39487

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...

7.6CVSS5.9AI score0.00271EPSS

Exploits0References1

RedhatCVE•added 2026/04/10 7:22 p.m.•8 views

CVE-2026-39495

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...

8.5CVSS5.9AI score0.00253EPSS

Exploits0References1

Metasploit•added 2026/04/10 7:2 p.m.•313 views

AVideo Unauthenticated SQL Injection Credential Dump

AVideo use auxiliary/gather/avideocatnamesqli msf auxiliaryavideocatnamesqli show actions ...actions... msf auxiliaryavideocatnamesqli set ACTION msf auxiliaryavideocatnamesqli show options ...show and set options... msf auxiliaryavideocatnamesqli run This module requires Metasploit:...

9.8CVSS5.6AI score0.0151EPSS

Exploits1

EUVD•added 2026/04/10 3:31 p.m.•2 views

EUVD-2026-21390

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

5.8AI score0.00319EPSS

Exploits1References2

EUVD•added 2026/04/10 3:31 p.m.•3 views

EUVD-2026-21373

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

5.9AI score0.00319EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by