233122 matches found
EUVD-2026-31092
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...
CVE-2026-9065
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-9059
NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...
CVE-2026-9065 SureCart - SQL Injection
SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...
CVE-2026-9059 NextGEN Gallery - SQL Injection
NextGEN Gallery versions prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...
Astra Linux - vulnerability in openldap
In OpenLDAP 2.x versions before 2.5.12 and 2.6.x versions before 2.6.2, there is a SQL injection vulnerability in the experimental slapd backend, caused by a SQL statement within an LDAP query. This vulnerability can occur during an LDAP search operation, when the search filter is processed, due ...
Astra Linux - vulnerability in mariadb-10.3
MariaDB Server v10.9 and earlier was discovered to contain a segmentation fault in the component sql/sql_window.cc...
Astra Linux - vulnerability in postgresql-11
Improper neutralization of quoting syntax in PostgreSQL’s libpq functions such as PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection under certain usage patterns. Specifically, SQL injection requires the...
Astra Linux - vulnerability in postgresql-11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Astra Linux - vulnerability in mariadb-10.3
MariaDB Server v10.9 and earlier was discovered to contain a use-after-free in the Binary_string::free_buffer function at /sql/sql_string.h...
Astra Linux - vulnerability in mariadb-10.3
MariaDB Server v10.6.3 and earlier was discovered to contain a use-after-free in the Item_func_in::cleanup component, which can be exploited through specially crafted SQL statements...
Astra Linux - vulnerability in mariadb-10.3
MariaDB version 10.5.9 allows an application crash in sql_parse.cc due to incorrect expectations regarding used_tables...
Astra Linux - vulnerability in mariadb-10.3
MariaDB before version 10.6.5 has an integer overflow in sql_lex.cc, which can lead to an application crash...
Astra Linux - vulnerability in mariadb-10.3
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw resides in the processing ...
Astra Linux - vulnerability in libpgjava
pgjdbc, the PostgreSQL JDBC Driver, allows attackers to inject SQL statements if the PreferQueryMode=SIMPLE setting is used. Note that this is not the default setting. In the default mode, there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus sign...
Astra Linux - vulnerability in zabbix
A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...
Astra Linux - vulnerability in pgbouncer
In PgBouncer before version 1.25.1, an untrusted search path in the auth_query connection handler allows an unauthenticated attacker to execute arbitrary SQL during authentication through a malicious search_path parameter in the StartupMessage...
Astra Linux - vulnerability in mariadb-10.3
MariaDB Server v10.7 and earlier was discovered to contain a segmentation fault in the component sql/sql_class.cc...