Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216308 matches found

NVD
NVDadded 2026/04/16 3:17 p.m.3 views

CVE-2026-37347

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewemployee.php...

9.1CVSS0.0032EPSS
Exploits0References1
NVD
NVDadded 2026/04/16 3:17 p.m.4 views

CVE-2026-37337

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewplaylist.php...

7.3CVSS0.00169EPSS
Exploits0References1
NVD
NVDadded 2026/04/16 3:17 p.m.5 views

CVE-2026-37338

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewuser.php...

9.4CVSS0.00314EPSS
Exploits0References1
NVD
NVDadded 2026/04/16 3:17 p.m.5 views

CVE-2026-37340

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/editmusic.php...

9.8CVSS0.0026EPSS
Exploits0References1
NVD
NVDadded 2026/04/16 3:17 p.m.3 views

CVE-2026-37336

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewmusic.php...

7.3CVSS0.00169EPSS
Exploits0References1
NVD
NVDadded 2026/04/16 3:17 p.m.2 views

CVE-2026-37339

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewgenre.php...

9.8CVSS0.0026EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/16 1:46 p.m.3 views

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

8.1CVSS5.9AI score0.01394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/16 1:46 p.m.26 views

CVE-2026-5785 SQL Injection

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

8.1CVSS0.01394EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/16 1:46 p.m.4 views

CVE-2026-5785 SQL Injection

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

8.1CVSS5.9AI score0.01394EPSS
Exploits0References1
CVE
CVEadded 2026/04/16 1:46 p.m.8 views

CVE-2026-5785

The CVE-2026-5785 issue affects Zohocorp ManageEngine PAM360 (versions before 8531) and ManageEngine Password Manager Pro (versions 8600 to 13230). The vulnerability is an Authenticated SQL injection in the query report module, allowing an attacker with LOW privileges and no user interaction to t...

8.1CVSS5.9AI score0.01394EPSS
Exploits0References1
OSV
OSVadded 2026/04/16 1:15 p.m.5 views

SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.00456EPSS
Exploits6References21
OSV
OSVadded 2026/04/16 1:10 p.m.5 views

OPENSUSE-SU-2026:20554-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.00456EPSS
Exploits6References20
ATTACKERKB
ATTACKERKBadded 2026/04/16 11:21 a.m.12 views

CVE-2026-3489

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/04/16 9:51 a.m.2 views

WordPress Riaxe Product Customizer plugin <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability

Unauthenticated SQL Injection via 'options' Parameter Keys in productdata vulnerability discovered by Kai Aizen in WordPress Plugin Riaxe Product Customizer versions = 2.1.2...

7.5CVSS6AI score0.00489EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/04/16 6:31 a.m.3 views

EUVD-2026-23186

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

7.5CVSS5.9AI score0.00489EPSS
Exploits0References8
EUVD
EUVDadded 2026/04/16 6:31 a.m.6 views

EUVD-2026-23190

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00346EPSS
Exploits0References4
NVD
NVDadded 2026/04/16 6:16 a.m.3 views

CVE-2026-3773

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS0.00346EPSS
Exploits0References3
NVD
NVDadded 2026/04/16 6:16 a.m.5 views

CVE-2026-3599

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'productdata' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on t...

7.5CVSS0.00489EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/04/16 5:29 a.m.4 views

CVE-2026-3773

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00346EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/16 5:29 a.m.1 views

CVE-2026-3773 Accessibility Suite by Ability, Inc <= 4.20 - Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter

The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS5.9AI score0.00346EPSS
Exploits0References3
Rows per page
Query Builder