CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 days ago•4 views

CVE-2026-5074

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir0' parameter of the getprivatecontentdata AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into...

6.5CVSS5.9AI score0.00026EPSS

Exploits1References3

Cvelist•added 2 days ago•22 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

6.5CVSS0.00026EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-34003

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the armresetpasswordkey user meta field when a user requests a password reset. This is in...

9.8CVSS5.9AI score0.00043EPSS

CVE•added 2 days ago•8 views

CVE-2026-5074

The CVE concerns the ARMember Premium WordPress plugin. A SQL Injection exists in the get_private_content_data AJAX action via the sSortDir_0 parameter, in all versions up to and including 7.3.1. The user-supplied value is concatenated into the ORDER BY clause without a whitelist, allowing authen...

6.5CVSS5.9AI score0.00026EPSS

Vulnrichment•added 2 days ago•5 views

CVE-2026-5074 ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter

6.5CVSS5.9AI score0.00026EPSS

ATTACKERKB•added 2 days ago•4 views

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

Vulnrichment•added 2 days ago•4 views

Exploits0References5

CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

7.5CVSS5.7AI score0.00024EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-33997

NVD•added 2 days ago•8 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS0.00024EPSS

CVE•added 2 days ago•9 views

CVE-2026-10606

CVE-2026-10606 affects DedeCMS 5.7.88, specifically the TrimMsg function in /plus/feedback.php (Feedback Handler). Manipulating the msg argument can cause a SQL injection. The issue is exploitable remotely with publicly disclosed exploit material; CVSS metrics indicate network access, low attack ...

Vulnrichment•added 2 days ago•6 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

ATTACKERKB•added 2 days ago•5 views

CVE-2026-10606

NVD•added 2 days ago•5 views

Exploits0References5

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS0.00041EPSS

Exploits2References6

RedhatCVE•added 2 days ago•7 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS5.7AI score0.00033EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-10193

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS5.6AI score0.00028EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS5.6AI score0.00033EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

9.8CVSS5.9AI score0.00003EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-10251

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS5.6AI score0.00033EPSS

RedhatCVE•added 2 days ago•7 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00028EPSS