234430 matches found

Vulnrichment
added 2026/04/23 1:44 p.m., 1 views

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8 CVSS, 6.5 AI score, 0.00972 EPSS
Exploits 2, References 3
Cvelist
added 2026/04/23 1:44 p.m., 35 views

CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

9.8 CVSS, 0.00972 EPSS
Exploits 2, References 3
Github Security Blog
added 2026/04/23 12:31 p.m., 7 views

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8 CVSS, 7.5 AI score, 0.00938 EPSS
Exploits 1, References 4, Affected Software 1
EUVD
added 2026/04/23 12:31 p.m., 9 views

EUVD-2026-25205

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9 CVSS, 6.8 AI score, 0.00938 EPSS
Exploits 1, References 3
CVE
added 2026/04/23 9:30 a.m., 9 views

CVE-2026-6887

The CVE-2026-6887 entry concerns Borg SPM 2007 (BorG Technology Corporation). The connected sources describe a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. The vulnerability impact is descr...

9.8 CVSS, 6 AI score, 0.00358 EPSS
Exploits 0, References 2
GithubExploit
added 2026/04/23 9:8 a.m., 81 views

web-vulnerability-scanner

web-vulnerability-scanner This Reposito...

5.8 AI score
Exploits 0
CVE
added 2026/04/23 8:47 a.m., 18 views

CVE-2026-3960

CVE-2026-3960 is a remote code execution in H2O-3 prior to 3.46.0.10 via the unauthenticated REST endpoint /99/ImportSQLTable. The issue stems from a MySQL-focused parameter blacklist that can be bypassed by switching the JDBC URL to a PostgreSQL URL (e.g., using socketFactory/socketFactoryArg pa...

9.8 CVSS, 7.2 AI score, 0.00938 EPSS
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2026/04/23 8:47 a.m., 3 views

CVE-2026-3960 Remote Code Execution in h2oai/h2o-3

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9 CVSS, 7.7 AI score, 0.00938 EPSS
Exploits 1, References 2
ATTACKERKB
added 2026/04/23 8:47 a.m., 3 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9 CVSS, 7.7 AI score, 0.00938 EPSS
Exploits 1, References 3
Japan Vulnerability Notes
added 2026/04/23 7:57 a.m., 4 views

CMS ALAYA vulnerable to SQL injection

Overview CMS ALAYA provided by KANATA Limited contains the following vulnerability. SQL injection CWE-89 - CVE-2026-40529 Naoto Senda of Five Drive Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.1 CVSS, 5.2 AI score, 0.00161 EPSS
Exploits 0, References 4
EUVD
added 2026/04/23 6:30 a.m., 4 views

EUVD-2026-25184

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1 CVSS, 5.8 AI score, 0.00161 EPSS
Exploits 0, References 2
GithubExploit
added 2026/04/23 5:15 a.m., 101 views

hangover-ctf-wolfpack-deals

🎰 The Hangover CTF — Machine 1: Wolfpack Deals "What happe...

8.8 CVSS, 7.1 AI score, 0.43988 EPSS
Exploits 27
Vulnrichment
added 2026/04/23 4:15 a.m., 3 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1 CVSS, 5.7 AI score, 0.00161 EPSS
Exploits 0, References 1
Cvelist
added 2026/04/23 4:15 a.m., 28 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1 CVSS, 0.00161 EPSS
Exploits 0, References 1
SUSE CVE
added 2026/04/23 1:23 a.m., 4 views

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

6.9 CVSS, 5.9 AI score, 0.00274 EPSS
Exploits 0, References 3
VulnCheck KEV
added 2026/04/23 12:0 a.m., 7 views

VulnCheck KEV: CVE-2025-67945

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection. This issue affects MailerLite – WooCommerce integration: from n/a through = 3.1.2...

9.3 CVSS, 5.5 AI score, 0.0038 EPSS
In wild, Exploits 0, References 3
Positive Technologies
added 2026/04/23 12:0 a.m., 6 views

PT-2026-34666

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module...

5.8 AI score, 0.00359 EPSS
Exploits 1, References 5
Positive Technologies
added 2026/04/23 12:0 a.m., 7 views

PT-2026-34636

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1 CVSS, 5.7 AI score, 0.00161 EPSS
Exploits 0, References 2
Packet Storm
added 2026/04/23 12:0 a.m., 95 views

📄 Ghost CMS 6.19.0 SQL Injection

This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...

9.4 CVSS, 6 AI score, 0.69996 EPSS
Exploits 6
CVE
added 2026/04/23 12:0 a.m., 5 views

CVE-2025-50229

CVE-2025-50229 affects Jizhicms v2.5.4 with a SQL injection vulnerability in the product editing module. The CVSS 3.1 vector indicates high impact on confidentiality, integrity, and availability (base score 9.8; network, low attack complexity, no privileges required, no user interaction). The con...

9.8 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits 1, References 4, Affected Software 1