CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216205 matches found

AlpineLinux•added 2026/05/14 1:0 p.m.•9 views

CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS6.1AI score0.00287EPSS

Exploits0

ATTACKERKB•added 2026/05/14 9:21 a.m.•6 views

CVE-2025-11024

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS5.8AI score0.00358EPSS

Exploits0References2

EUVD•added 2026/05/14 6:44 a.m.•24 views

EUVD-2026-30251

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00224EPSS

Exploits0References2

Vulnrichment•added 2026/05/14 6:44 a.m.•4 views

CVE-2026-6225 Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter

6.5CVSS5.9AI score0.00224EPSS

Exploits0References2

NVD•added 2026/05/14 4:17 a.m.•39 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS0.00239EPSS

Exploits0References3

NVD•added 2026/05/14 4:17 a.m.•14 views

CVE-2026-5486

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

6.5CVSS0.00354EPSS

Exploits0References10

OSV•added 2026/05/14 4:17 a.m.•7 views

DEBIAN-CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References1

OSV•added 2026/05/14 4:17 a.m.•5 views

DEBIAN-CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References1

OSV•added 2026/05/14 4:17 a.m.•3 views

UBUNTU-CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References6

OSV•added 2026/05/14 4:17 a.m.•6 views

UBUNTU-CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References6

CVE•added 2026/05/14 3:13 a.m.•15 views

CVE-2026-46446

SOGo before 5.12.7, when using PostgreSQL or MariaDB, stores passwords in cleartext and is vulnerable to SQL injection via c_password = '%@' in changePasswordForLogin. The CVE notes an impact on confidentiality and integrity with a high base score (7.1) and a network attack vector requiring low p...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References3

ATTACKERKB•added 2026/05/14 3:13 a.m.•6 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References4

EUVD•added 2026/05/14 3:13 a.m.•21 views

EUVD-2026-30213

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References3

Vulnrichment•added 2026/05/14 3:13 a.m.•7 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References3

EUVD•added 2026/05/14 3:10 a.m.•12 views

EUVD-2026-30212

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References3

ATTACKERKB•added 2026/05/14 3:10 a.m.•3 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS

Exploits0References4

Cvelist•added 2026/05/14 3:10 a.m.•38 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS0.00239EPSS

Exploits0References3

CVE•added 2026/05/14 2:26 a.m.•10 views

CVE-2026-5486

CVE-2026-5486 affects the WordPress plugin Unlimited Elements for Elementor, versions up to and including 2.0.7. The vulnerability lies in get_cat_addons via the data[filter_search] parameter, where insufficient input sanitization, use of deprecated escaping, and direct string concatenation into ...

6.5CVSS6AI score0.00354EPSS

Exploits0References10

Vulnrichment•added 2026/05/14 2:26 a.m.•4 views

CVE-2026-5486 Unlimited Elements For Elementor <= 2.0.7 - Authenticated (Contributor+) SQL Injection via 'filter_search' Parameter

6.5CVSS6AI score0.00354EPSS

Exploits0References10

ATTACKERKB•added 2026/05/14 2:26 a.m.•4 views

CVE-2026-5486

6.5CVSS6AI score0.00354EPSS

Exploits0References11

Rows per page