CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216510 matches found

Positive Technologies•added 2026/04/05 12:0 a.m.•4 views

PT-2026-30435

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launche...

7.5CVSS6.9AI score0.00259EPSS

Exploits0References6

RedhatCVE•added 2026/04/04 10:54 p.m.•4 views

CVE-2026-27885

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including...

7.2CVSS5.8AI score0.00364EPSS

Exploits1References1

Veracode•added 2026/04/04 5:32 a.m.•5 views

SQL Injection

alerta-server is vulnerable to SQL Injection. The vulnerability is due to direct interpolation of user-supplied query parameters into SQL statements without sanitization, which allows an attacker to inject and execute arbitrary SQL queries...

9.8CVSS6.1AI score0.00505EPSS

Exploits0References6Affected Software1

Snyk•added 2026/04/04 1:21 a.m.•2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

9.9CVSS6.2AI score0.00656EPSS

Exploits2References2

NVD•added 2026/04/03 11:17 p.m.•3 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS0.00656EPSS

Exploits1References3

RedhatCVE•added 2026/04/03 11:2 p.m.•3 views

CVE-2026-5368

A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit h...

9.8CVSS6.8AI score0.00333EPSS

Exploits1References1

ATTACKERKB•added 2026/04/03 10:49 p.m.•1 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.8AI score0.00533EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/03 10:39 p.m.•1 views

CVE-2026-34612

9.9CVSS6.1AI score0.00656EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/04/03 10:39 p.m.•14 views

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

9.9CVSS0.00656EPSS

Exploits1References3

EUVD•added 2026/04/03 10:39 p.m.•6 views

EUVD-2026-18903

9.9CVSS6.1AI score0.00656EPSS

Exploits1References3

CVE•added 2026/04/03 10:39 p.m.•18 views

CVE-2026-34612

Kestra (open-source event-driven orchestration platform) prior to version 1.3.7 contains a SQL Injection that enables Remote Code Execution via the GET /api/v1/main/flows/search endpoint. After authentication, a crafted link can trigger payload execution by PostgreSQL using COPY ... TO PROGRAM .....

9.9CVSS6.1AI score0.00656EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/03 10:37 p.m.•15 views

CVE-2026-34788 Emlog: SQL Injection in tag_model::updateTagName() via unsanitized parameters

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

6.5CVSS0.00343EPSS

Exploits1References1

NVD•added 2026/04/03 10:16 p.m.•0 views

CVE-2026-27834

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS0.00372EPSS

Exploits1References3

OSV•added 2026/04/03 9:57 p.m.•3 views

GHSA-MMM5-3G4X-QW39 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals

Description Six confrontarighe.php files across different modules in OpenSTAManager fetchArray 'SELECT mgarticolilang.title, mgarticoli.codice, inrigheinterventi. FROM inrigheinterventi INNER JOIN...

8.8CVSS6.2AI score0.00416EPSS

Exploits1References3

Vulnrichment•added 2026/04/03 9:36 p.m.•0 views

CVE-2026-27885 Piwigo: SQL Injection in Activity.getList

7.2CVSS5.8AI score0.00364EPSS

Exploits1References3

CVE•added 2026/04/03 9:36 p.m.•7 views

CVE-2026-27885

CVE-2026-27885 affects Piwigo prior to version 16.3.0. A SQL injection vulnerability exists in the Activity.getList/API endpoint, exploitable by an authenticated administrator which can lead to leakage of sensitive data (user credentials, email addresses, and all stored content). The root cause i...

7.2CVSS5.8AI score0.00364EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/04/03 9:35 p.m.•0 views

CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter

7.2CVSS6.1AI score0.00372EPSS

Exploits1References3

Cvelist•added 2026/04/03 9:35 p.m.•14 views

CVE-2026-27834 Piwigo: SQL Injection in pwg.users.getList API Method via filter Parameter

7.2CVSS0.00372EPSS

Exploits1References3

ATTACKERKB•added 2026/04/03 9:35 p.m.•2 views

CVE-2026-27834