CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•13 views

CVE-2025-59554 WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced Ads – Tracking 3.0.7 versions...

Cvelist•added yesterday•18 views

CVE-2026-54811 WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

CVE•added yesterday•11 views

CVE-2026-54187

CVE-2026-54187 affects the WordPress JetEngine plugin, vulnerable in versions up to 3.8.10.1. The issue is an unauthenticated SQL injection in JetEngine = 3.8.10.2 or later and implement mitigations per vendor guidance. The documents do not indicate in-the-wild exploitation or CVSS vectors beyond...

CVE•added yesterday•10 views

CVE-2026-54186

CVE-2026-54186 concerns the WordPress JobSearch plugin, affected version range

Cvelist•added yesterday•16 views

CVE-2026-54186 WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...

CVE•added yesterday•8 views

CVE-2026-54185

CVE-2026-54185 – WordPress Cornerstone plugin (

8.5CVSS5.7AI score

CVE•added yesterday•12 views

CVE-2026-49084

JetEngine (WordPress plugin) versions earlier than 3.8.9.1 are affected by unauthenticated SQL Injection. The vulnerability is described as a high-severity (CVSS 3.1: 9.3) issue with network access and no required privileges, impacting confidentiality. A fix is available in 3.8.9.1 and later; upg...

Cvelist•added yesterday•15 views

CVE-2026-49084 WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

CVE•added yesterday•14 views

CVE-2026-49079

The CVE concerns the WordPress JetSearch plugin, affected versions are <= 3.5.17. It describes an unauthenticated SQL injection vulnerability in JetSearch that can be exploited over the network without authentication, potentially compromising confidentiality (high) and affecting data queries. ...

CVE•added yesterday•10 views

Exploits1References1

CVE-2026-49076

CVE-2026-49076 describes an unauthenticated SQL Injection in WordPress JetEngine plugin versions <= 3.8.9.1. The vulnerability affects JetEngine’s handling of input in a way that allows arbitrary SQL execution without authentication, with the CVSS 3.1 base score listed as 9.3 (CRITICAL) and ne...

Cvelist•added yesterday•14 views

CVE-2026-48875 WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...

CVE•added yesterday•4 views

CVE-2026-39596

The CVE covers WordPress Blocksy Companion Pro plugin, vulnerable in versions

CVE•added yesterday•6 views

CVE-2026-22340

CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme

Cvelist•added yesterday•14 views

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

8.5CVSS

CVE•added yesterday•7 views

CVE-2026-22332

CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <=3.9.6, with exploitation status not pr...

Cvelist•added yesterday•15 views

CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

CVE•added yesterday•9 views

CVE-2025-69135

Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.

8.5CVSS5.7AI score

CVE•added yesterday•7 views

CVE-2026-28576

In Android, the Contacts Provider is affected by CVE-2026-28576, caused by a SQL injection in the contacts database access path. This allows local information disclosure without extra execution privileges and without user interaction. The issue is described across CVE entries and ENISA/Android re...

10CVSS6AI score0.00386EPSS

Exploits0References1Affected Software1

Cvelist•added yesterday•20 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00386EPSS