Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

233621 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/13 1:27 p.m.2 views

CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00033EPSS
Exploits0References7
NVD
NVDadded 2026/05/13 1:1 p.m.5 views

CVE-2026-4798

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00084EPSS
Exploits0References2
Nextcloud
Nextcloudadded 2026/05/13 12:20 p.m.9 views

Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views

None...

7.1CVSS5.8AI score0.0002EPSS
Exploits0References2Affected Software1
Patchstack
Patchstackadded 2026/05/13 10:46 a.m.7 views

WordPress Avada (Fusion) Builder plugin <= 3.15.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Fusion Builder versions = 3.15.1...

7.5CVSS5.9AI score0.00084EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/05/13 10:20 a.m.7 views

WordPress Court Reservation – Manage Your Court Bookings Online plugin <= 1.10.11 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Court Reservation versions = 1.10.11...

7.5CVSS5.9AI score0.00084EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/13 9:26 a.m.34 views

CVE-2026-4798 Avada Builder <= 3.15.1 - Unauthenticated SQL Injection via 'product_order' Parameter

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS0.00084EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/13 9:26 a.m.4 views

CVE-2026-4798

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00084EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/13 9:26 a.m.4 views

EUVD-2026-29934

The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘productorder’ parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.5CVSS5.9AI score0.00084EPSS
Exploits0References2
CVE
CVEadded 2026/05/13 9:26 a.m.16 views

CVE-2026-4798

The connected sources confirm CVE-2026-4798 affects Avada Builder for WordPress

7.5CVSS5.9AI score0.00084EPSS
Exploits0References2
OSV
OSVadded 2026/05/13 7:57 a.m.2 views

SUSE-SU-2026:21612-1 Security update for php8

This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in...

9.8CVSS6.5AI score0.00369EPSS
Exploits1References21
Mageia
Mageiaadded 2026/05/13 7:0 a.m.6 views

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

9.8CVSS5.9AI score0.00369EPSS
Exploits1References2
NVD
NVDadded 2026/05/13 6:16 a.m.4 views

CVE-2026-6929

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS0.00109EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/05/13 5:29 a.m.3 views

CVE-2026-6929

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.00109EPSS
Exploits0References7
EUVD
EUVDadded 2026/05/13 5:29 a.m.6 views

EUVD-2026-29913

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.9AI score0.00109EPSS
Exploits0References6
NVD
NVDadded 2026/05/13 5:16 a.m.4 views

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00036EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/13 4:26 a.m.5 views

CVE-2026-7619

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00036EPSS
Exploits0References9
CVE
CVEadded 2026/05/13 4:26 a.m.10 views

CVE-2026-7619

The CVE-2026-7619 entry details an authenticated SQL Injection in the Charitable WordPress plugin (

6.5CVSS5.9AI score0.00036EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/05/13 4:26 a.m.33 views

CVE-2026-7619 Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00036EPSS
Exploits0References8
GithubExploit
GithubExploitadded 2026/05/13 4:17 a.m.79 views

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

SimpleCTF-THM-Relatory First CTF successfully completed! This...

8.1CVSS5.9AI score0.92556EPSS
Exploits36
Cvelist
Cvelistadded 2026/05/13 3:16 a.m.30 views

CVE-2026-6888 SQL Injection Vulnerability

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS0.00104EPSS
Exploits0References1
Rows per page
Query Builder