Lucene search
K

216673 matches found

CVE
CVE
added 2026/03/21 10:2 a.m.9 views

CVE-2026-4513

The CVE-2026-4513 entry concerns vanna-ai vanna up to version 2.0.2. The vulnerability affects the function ask in vanna/legacy/base/base.py; manipulation of inputs results in SQL injection. The issue is exploitable remotely, with public exploits available. Vendor was contacted early but did not ...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 10:2 a.m.2 views

CVE-2026-4513 vanna-ai vanna base.py ask sql injection

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 10:2 a.m.32 views

CVE-2026-4513 vanna-ai vanna base.py ask sql injection

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 10:2 a.m.2 views

CVE-2026-4513

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/21 6:30 a.m.3 views

EUVD-2026-14188

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...

7.5CVSS5.9AI score0.00364EPSS
Exploits0References4
NVD
NVD
added 2026/03/21 4:17 a.m.5 views

CVE-2026-4087

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS0.00261EPSS
Exploits0References6
NVD
NVD
added 2026/03/21 4:17 a.m.2 views

CVE-2026-3334

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...

8.8CVSS0.00341EPSS
Exploits0References3
NVD
NVD
added 2026/03/21 4:17 a.m.4 views

CVE-2026-2503

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

6.5CVSS0.00242EPSS
Exploits0References5
NVD
NVD
added 2026/03/21 4:17 a.m.3 views

CVE-2026-2468

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...

7.5CVSS0.00364EPSS
Exploits0References3
NVD
NVD
added 2026/03/21 4:16 a.m.2 views

CVE-2026-1800

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2503

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/21 3:27 a.m.32 views

CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

6.5CVSS0.00242EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-4087 Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.27 views

CVE-2026-4087 Pre* Party Resource Hints <= 1.8.20 - Authenticated (Subscriber+) SQL Injection via 'hint_ids' Parameter

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS0.00261EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.1 views

CVE-2026-4087

The Pre Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hintids' parameter of the pprhupdatehints AJAX action in all versions up to, and including, 1.8.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References7
CVE
CVE
added 2026/03/21 3:26 a.m.9 views

CVE-2026-4087

CVE-2026-4087 affects the Pre* Party Resource Hints plugin for WordPress. The vulnerability is an SQL Injection via the hint_ids parameter in the pprh_update_hints AJAX action, present in all versions up to and including 1.8.20 . It results from insufficient escaping of user input and lack of pro...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.28 views

CVE-2026-2468 Quentn WP <= 1.2.12 - Unauthenticated SQL Injection via 'qntn_wp_access' Cookie

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...

7.5CVSS0.00364EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.1 views

CVE-2026-2468

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntnwpaccess' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the getuseraccess metho...

7.5CVSS5.9AI score0.00364EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-1800 Fonts Manager | Custom Fonts <= 1.2 - Unauthenticated SQL Injection via fmcfIdSelectedFnt parameter

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

7.5CVSS5.9AI score0.00384EPSS
Exploits0References5
Rows per page
Query Builder