CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/17 12:0 a.m.•7 views

Joomla! extension EkRishta SQL注入漏洞

The Joomla! extension EkRishta is an open-source community extension designed to provide Joomla websites with functions for matchmaking and marriage-related services. Version 2.10 of the Joomla! extension EkRishta contains a SQL injection vulnerability. This vulnerability stems from persistent...

8.8CVSS5.8AI score0.00317EPSS

Exploits0References1

CNNVD•added 2026/05/17 12:0 a.m.•7 views

REDAXO-AddOn: MyEvents SQL注入漏洞

REDAXO-AddOn: MyEvents is a multilingual event management plugin developed by Joachim Wendenburg. Version 2.2.1 of REDAXO-AddOn: MyEvents contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the myeventsid parameter, potentially allowing authenticated...

7.1CVSS5.9AI score0.00268EPSS

Exploits0References1

CNNVD•added 2026/05/17 12:0 a.m.•5 views

oinone-pamirs 注入漏洞

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier had a SQL injection vulnerability. This vulnerability stems from the queryListByWrapper interface’s RSQLToSQLNodeConnector.makeVariable function, which allows for SQL...

7.5CVSS7.2AI score0.00259EPSS

Exploits0References2

CNNVD•added 2026/05/17 12:0 a.m.•6 views

Bylancer Zechat SQL注入漏洞

Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from the v parameter being subject to SQL injecti...

8.8CVSS5.9AI score0.00267EPSS

Exploits0References1

Positive Technologies•added 2026/05/17 12:0 a.m.•7 views

PT-2026-41519

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS6.8AI score0.00259EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•7 views

PT-2026-41556

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00317EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41545

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents id parameter. Attackers can send GET requests to the event add.php page with malicious myevents id values to extrac...

7.1CVSS5.9AI score0.00268EPSS

Positive Technologies•added 2026/05/17 12:0 a.m.•8 views

PT-2026-41590

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS6.8AI score0.00259EPSS

NVD•added 2026/05/16 4:16 p.m.•5 views

CVE-2021-47956

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive databas...

NVD•added 2026/05/16 4:16 p.m.•9 views

CVE-2021-47954

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the searchquery parameter. Attackers can send POST requests to /search.php with malicious searchquery values using CASE WHEN statements to extra...

8.8CVSS0.00237EPSS

Exploits0References2

NVD•added 2026/05/16 4:16 p.m.•19 views

CVE-2020-37243

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

NVD•added 2026/05/16 4:16 p.m.•7 views

CVE-2020-37242

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or...

Vulnrichment•added 2026/05/16 3:26 p.m.•7 views

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

7.1CVSS5.9AI score0.00226EPSS

CVE•added 2026/05/16 3:26 p.m.•7 views

CVE-2021-47956

The connected documents identify CVE-2021-47956 as affecting EgavilanMedia PHPCRUD 1.0 and describe a SQL injection vulnerability allowing unauthenticated attackers to manipulate database queries via the firstname parameter. Exploitation details include sending crafted POST requests to insert.php...

8.8CVSS5.9AI score0.00276EPSS

Cvelist•added 2026/05/16 3:26 p.m.•34 views

CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname