CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•11 views

CVE-2026-12206

Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...

6.5CVSS6.3AI score0.00196EPSS

8.8CVSS6.1AI score0.0027EPSS

PT-2026-49211

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

6.5CVSS5.3AI score0.00196EPSS

PT-2026-49166

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data table entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

Exploits0References6

Cvelist•added 4 days ago•24 views

CVE-2026-39196

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

0.00321EPSS

Exploits0References1

Cvelist•added 4 days ago•25 views

CVE-2026-36670

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel opensips-cp prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

0.00361EPSS

Exploits1References1

CVE•added 4 days ago•13 views

CVE-2026-50890

Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

9.8CVSS5.7AI score0.00321EPSS

Exploits0References1

Positive Technologies•added 4 days ago•8 views

PT-2026-49331

5.6AI score0.00321EPSS

Cvelist•added 4 days ago•28 views

CVE-2026-50890

0.00321EPSS

Exploits0References1

Positive Technologies•added 4 days ago•6 views

PT-2026-49518

Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...

9.3CVSS5.7AI score0.00297EPSS

Positive Technologies•added 4 days ago•8 views

PT-2026-49466

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

9.3CVSS5.7AI score0.00291EPSS

Positive Technologies•added 4 days ago•5 views

PT-2026-49355

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

8.5CVSS5.7AI score0.00253EPSS

8.5CVSS5.7AI score0.00332EPSS

PT-2026-49487

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

Positive Technologies•added 4 days ago•5 views

PT-2026-49493

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

8.5CVSS5.7AI score0.00332EPSS

Positive Technologies•added 4 days ago•8 views

PT-2026-49490

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS5.7AI score0.00283EPSS

Positive Technologies•added 4 days ago•6 views

PT-2026-49504

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

9.3CVSS5.7AI score0.00297EPSS

Positive Technologies•added 4 days ago•6 views

PT-2026-49411

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS

Positive Technologies•added 4 days ago•9 views

PT-2026-49306

Name of the Vulnerable Software and Affected Versions Metacat versions 2.0.0 through 2.x Description Metacat contains an unauthenticated SQL injection in the '/harvesterRegistration' endpoint. The dbInsert function in HarvesterRegistration constructs an INSERT statement for the HARVEST SITE...

9.8CVSS5.6AI score0.0037EPSS

7.5CVSS5.7AI score0.00251EPSS

PT-2026-49410

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...