CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/26 7:15 p.m.•25 views

CVE-2026-9574 itsourcecode Student Transcript Processing System trans.php sql injection

7.5CVSS0.00039EPSS

Cvelist•added 2026/05/26 7:0 p.m.•25 views

CVE-2026-9573 itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS0.00039EPSS

ATTACKERKB•added 2026/05/26 7:0 p.m.•6 views

CVE-2026-9573

7.5CVSS7AI score0.00039EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/26 7:0 p.m.•6 views

CVE-2026-9573 itsourcecode Student Transcript Processing System index.php sql injection

7.5CVSS7AI score0.00039EPSS

NVD•added 2026/05/26 6:16 p.m.•8 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00204EPSS

Exploits1References1

Patchstack•added 2026/05/26 5:33 p.m.•6 views

WordPress EnvíaloSimple: Email Marketing y Newsletters plugin <= 2.4.5 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin EnvíaloSimple versions = 2.4.5...

4.9CVSS5.9AI score0.00036EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/26 5:16 p.m.•9 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.00783EPSS

Exploits2References5

NVD•added 2026/05/26 5:16 p.m.•7 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

9.8CVSS0.00003EPSS

NVD•added 2026/05/26 5:16 p.m.•8 views

CVE-2025-36220

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

9.8CVSS0.00049EPSS

ATTACKERKB•added 2026/05/26 5:7 p.m.•4 views

CVE-2026-44706

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

Exploits0References2Affected Software1

Cvelist•added 2026/05/26 5:7 p.m.•33 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

8.5CVSS0.00029EPSS

Vulnrichment•added 2026/05/26 5:7 p.m.•6 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

EUVD•added 2026/05/26 5:7 p.m.•9 views

EUVD-2026-31913

CVE•added 2026/05/26 5:7 p.m.•9 views

CVE-2026-44706

Chatwoot (versions 2.2.0–4.11.1) is affected by a SQL injection in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, values are interpolated directly into the SQL query without parameterizatio...