CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/19 12:0 a.m.•9 views

PT-2026-42042

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.1.0 and up contain ...

7.5CVSS5.8AI score

Cvelist•added 2026/05/19 12:0 a.m.•34 views

CVE-2026-31069

0.00026EPSS

CNNVD•added 2026/05/19 12:0 a.m.•5 views

TYPO3 Extension News system SQL注入漏洞

TYPO3 Extension News system is an open-source extension for TYPO3 that allows for the publishing of news and content. The TYPO3 Extension News system has a SQL injection vulnerability, which stems from insufficient user input cleaning. This vulnerability could allow unauthenticated attackers to...

8.2CVSS6AI score0.00149EPSS

CNNVD•added 2026/05/19 12:0 a.m.•6 views

WordPress plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00098EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•8 views

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

9.3CVSS5.9AI score0.00209EPSS

Exploits2References9

CNNVD•added 2026/05/19 12:0 a.m.•3 views

TYPO3 Extension Address List SQL注入漏洞

TYPO3 Extension Address List is an open-source extension for TYPO3, designed for address book and contact management purposes. TYPO3 Extension Address List has a SQL injection vulnerability; this vulnerability stems from the getSqlQuery method not properly cleaning user input, which may lead to S...

8.2CVSS5.8AI score0.0004EPSS

CNNVD•added 2026/05/19 12:0 a.m.•5 views

Sparx Systems Sparx Pro Cloud Server 安全漏洞

Sparx Systems' Sparx Pro Cloud Server is a modeling and service platform developed by the Australian company Sparx Systems. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server prior to version 6.1 contained security vulnerabilities. The...

8.8CVSS6.1AI score0.00046EPSS

Exploits2References1

EUVD•added 2026/05/19 12:0 a.m.•6 views

EUVD-2026-30946

6.1AI score0.00026EPSS

NVD•added 2026/05/18 9:16 p.m.•7 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS0.00027EPSS

OSV•added 2026/05/18 9:16 p.m.•1 views

DEBIAN-CVE-2026-8851

OSV•added 2026/05/18 9:16 p.m.•1 views

UBUNTU-CVE-2026-8851

Vulnrichment•added 2026/05/18 8:10 p.m.•5 views

Exploits0References6

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint

EUVD•added 2026/05/18 8:10 p.m.•8 views

EUVD-2026-30804

SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...

Debian CVE•added 2026/05/18 8:10 p.m.•4 views

CVE-2026-8851

ATTACKERKB•added 2026/05/18 8:10 p.m.•4 views

Exploits0

CVE-2026-8851