Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

234332 matches found

Cvelist
Cvelistadded 2026/05/05 4:30 a.m.48 views

CVE-2026-7822 itsourcecode Courier Management System print_pdets.php sql injection

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

6.5CVSS0.00196EPSS
Exploits0References5
NVD
NVDadded 2026/05/05 4:16 a.m.6 views

CVE-2026-3456

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVDadded 2026/05/05 4:16 a.m.8 views

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

8.7CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/05 3:37 a.m.3 views

CVE-2026-3456

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/05 3:37 a.m.7 views

CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/05 3:37 a.m.39 views

CVE-2026-3456 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey'

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

7.5CVSS0.00278EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/05 3:31 a.m.3 views

EUVD-2026-27188

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References20
CVE
CVEadded 2026/05/05 3:24 a.m.19 views

CVE-2026-35228

CVE-2026-35228 affects Oracle MCP Server Helper Tool (Oracle Open Source Projects) with vulnerable versions 1.0.1–1.0.156. An unauthenticated attacker can reach the server over HTTP and, according to the description, could cause the tool to execute malicious SQL. The Connected documents provide t...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/05 3:24 a.m.1 views

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/05 3:24 a.m.2 views

CVE-2026-35228

Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...

8.7CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/05 2:26 a.m.4 views

CVE-2026-5100

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References20
Vulnrichment
Vulnrichmentadded 2026/05/05 2:26 a.m.5 views

CVE-2026-5100 AWP Classifieds <= 4.4.5 - Unauthenticated SQL Injection via 'regions'

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References19
CVE
CVEadded 2026/05/05 2:26 a.m.7 views

CVE-2026-5100

The CVE-2026-5100 entry concerns the WordPress AWP Classifieds plugin up to v4.4.5, vulnerable to SQL Injection via the regions parameter array keys due to insufficient escaping and lack of prepared statements. The issue allows unauthenticated attackers to append additional SQL to existing querie...

7.5CVSS5.9AI score0.00413EPSS
Exploits0References19
RedhatCVE
RedhatCVEadded 2026/05/05 2:20 a.m.3 views

CVE-2026-7694

A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Executing a manipulation of the argument fCircuitids can lead to sql injection. The...

7.5CVSS6.8AI score0.00325EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/05 12:30 a.m.10 views

EUVD-2026-27155

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/05 12:0 a.m.3 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

6AI score0.00367EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.11 views

PT-2026-37219

Name of the Vulnerable Software and Affected Versions SQLBot versions prior to 1.7.1 Description The Text2SQL chat interface is susceptible to prompt injection. The question parameter is concatenated into the Large Language Model LLM prompt without filtering or escaping, and the resulting SQL is...

9.4CVSS6.7AI score0.00603EPSS
Exploits2References5
Cvelist
Cvelistadded 2026/05/05 12:0 a.m.34 views

CVE-2026-38428

Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitization or parameterization. As a result, attackers can inject arbitrary SQL expressions into the...

0.00367EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/05 12:0 a.m.5 views

WordPress plugin GeekyBot SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.9AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/05 12:0 a.m.7 views

Masa CMS SQL注入漏洞

Masa CMS is an enterprise content management platform based on open-source technology, developed by Masa CMS organization. Masa CMS versions 7.5.2 and earlier have a SQL injection vulnerability. This vulnerability stems from the improper handling of the sortBy parameter in the getQuery function o...

9.3CVSS6.2AI score0.00302EPSS
Exploits0References2
Rows per page
Query Builder