CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/13 12:0 a.m.•6 views

PT-2026-40823

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.14.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker ...

8.8CVSS5.8AI score0.00067EPSS

Exploits0References6

CNNVD•added 2026/05/13 12:0 a.m.•5 views

CKAN 安全漏洞

CKAN is an open-source data management system developed by CKAN itself. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability in datastoresearchsql, which allowed...

9.1CVSS5.8AI score0.00016EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•7 views

PT-2026-40604

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00041EPSS

CNNVD•added 2026/05/13 12:0 a.m.•6 views

MISP SQL注入漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes functions such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was an S...

9.3CVSS5.9AI score0.00051EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•7 views

PT-2026-40564

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 1.8.10.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS5.9AI score0.00036EPSS

Exploits0References8

NVD•added 2026/05/12 11:16 p.m.•7 views

CVE-2026-1250

The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to generic SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.10.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

7.5CVSS0.00084EPSS

EUVD•added 2026/05/12 9:31 p.m.•7 views

EUVD-2026-29812

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00037EPSS

Wordfence Blog•added 2026/05/12 9:19 p.m.•8 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00084EPSS

Exploits0

NVD•added 2026/05/12 8:16 p.m.•7 views

CVE-2026-44863

NVD•added 2026/05/12 8:16 p.m.•7 views

CVE-2026-44861

NVD•added 2026/05/12 8:16 p.m.•6 views

CVE-2026-44860

NVD•added 2026/05/12 8:16 p.m.•5 views

CVE-2026-44862

Vulnrichment•added 2026/05/12 7:9 p.m.•3 views

CVE-2026-44863 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems

7.2CVSS6.2AI score0.00037EPSS

Cvelist•added 2026/05/12 7:9 p.m.•28 views

CVE-2026-44863 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems