CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

234258 matches found

Cvelist•added 2026/05/19 12:0 a.m.•37 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

0.00365EPSS

Exploits0References3

EUVD•added 2026/05/19 12:0 a.m.•6 views

EUVD-2026-30946

6.1AI score0.00365EPSS

Exploits0References3

ATTACKERKB•added 2026/05/19 12:0 a.m.•6 views

CVE-2026-31069

6.1AI score0.00365EPSS

Exploits0References4

CNNVD•added 2026/05/19 12:0 a.m.•7 views

billabear 安全漏洞

Billabear is an open-source self-hosted subscription management and billing system developed by Billabear. There is a security vulnerability in Billabear, which stems from the fact that the names of user-controlled metric filters and aggregation properties in the EventRepository are directly...

8.8CVSS6.1AI score0.00365EPSS

Exploits0References2

CVE•added 2026/05/19 12:0 a.m.•10 views

CVE-2026-31069

The CVE-2026-31069 entry concerns BillaBear (versions before Jan 2026) with a SQL Injection in the EventRepository. The root cause is unsafely interpolating user-controlled identifiers (filter names and aggregation property keys) into SQL via sprintf(), while values are parameterized. An authenti...

8.8CVSS6.1AI score0.00365EPSS

Exploits0References3

Positive Technologies•added 2026/05/19 12:0 a.m.•10 views

PT-2026-42042

Name of the Vulnerable Software and Affected Versions SQLFluff versions prior to 4.1.0 Description In deployments where untrusted users can provide SQL queries to be linted, a malicious user can submit a query with excessive nesting. This triggers a Denial of Service through resource exhaustion i...

7.5CVSS5.5AI score0.00263EPSS

Exploits0References6

CNNVD•added 2026/05/19 12:0 a.m.•8 views

WordPress plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00391EPSS

Exploits0References1

Positive Technologies•added 2026/05/19 12:0 a.m.•9 views

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

9.3CVSS5.9AI score0.00941EPSS

Exploits2References9

CNNVD•added 2026/05/19 12:0 a.m.•8 views

TYPO3 Extension News system SQL注入漏洞

TYPO3 Extension News system is an open-source extension for TYPO3 that allows for the publishing of news and content. The TYPO3 Extension News system has a SQL injection vulnerability, which stems from insufficient user input cleaning. This vulnerability could allow unauthenticated attackers to...

8.2CVSS6AI score0.00386EPSS

Exploits0References1

Tenable Nessus•added 2026/05/19 12:0 a.m.•10 views

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1958-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1958-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

9.8CVSS6.5AI score0.00505EPSS

Exploits1References25

Tenable Nessus•added 2026/05/19 12:0 a.m.•7 views

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1957-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1957-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

9.8CVSS6.5AI score0.00505EPSS

Exploits1References25

Tenable Nessus•added 2026/05/19 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...

8.6CVSS6.1AI score0.00306EPSS

Exploits0References3

NVD•added 2026/05/18 9:16 p.m.•9 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS0.00306EPSS

Exploits0References3

OSV•added 2026/05/18 9:16 p.m.•2 views

DEBIAN-CVE-2026-8851

8.6CVSS6.1AI score0.00306EPSS

Exploits0References1

OSV•added 2026/05/18 9:16 p.m.•1 views

UBUNTU-CVE-2026-8851

8.6CVSS6.1AI score0.00306EPSS

Exploits0References6

EUVD•added 2026/05/18 8:10 p.m.•8 views

EUVD-2026-30804

SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...

8.6CVSS6.1AI score0.00306EPSS

Exploits0References3

ATTACKERKB•added 2026/05/18 8:10 p.m.•4 views

CVE-2026-8851

8.6CVSS6.1AI score0.00306EPSS

Exploits0References4