CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/15 9:16 a.m.•7 views

CVE-2026-7046

4.9CVSS0.00053EPSS

CVE•added 2026/05/15 7:46 a.m.•6 views

CVE-2026-7046

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to 9.1.12 are affected by a time-based blind SQL Injection in the 'table' parameter due to insufficient escaping and inadequate query preparation. Authenticated attackers with administrator-level access can appe...

EUVD•added 2026/05/15 7:46 a.m.•5 views

EUVD-2026-30518

ATTACKERKB•added 2026/05/15 7:46 a.m.•3 views

CVE-2026-7046

Cvelist•added 2026/05/15 7:46 a.m.•32 views

Exploits0References12

CVE-2026-7046 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter

4.9CVSS0.00053EPSS

Positive Technologies•added 2026/05/15 12:0 a.m.•8 views

PT-2026-41277

Cvelist•added 2026/05/14 6:44 a.m.•35 views

Exploits0References12

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS0.00039EPSS

Exploits0References2

EUVD•added 2026/05/05 7:48 p.m.•3 views

EUVD-2026-27482

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3CVSS5.9AI score0.0006EPSS

CNNVD•added 2026/05/05 12:0 a.m.•4 views

Masa CMS SQL注入漏洞

Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...

9.3CVSS6AI score0.0006EPSS

OSV•added 2026/03/12 5:53 p.m.•2 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00073EPSS

Exploits1References3

Cvelist•added 2026/03/12 5:53 p.m.•24 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

9.3CVSS0.00073EPSS

Exploits1References1

Vulnrichment•added 2026/03/12 5:53 p.m.•2 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

9.3CVSS5.8AI score0.00073EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:41 a.m.•3 views

CVE-2022-35148

maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html...

6.5CVSS8.3AI score0.00223EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2013-7182

Malware in sbrugna...

6.5CVSS6.4AI score0.0389EPSS

Exploits1References4

CNNVD•added 2025/06/16 12:0 a.m.•2 views

Code-Projects Restaurant Order System 注入漏洞

Code-Projects Restaurant Order System is an open source restaurant order system from Code-Projects. An injection vulnerability exists in code-projects Restaurant Order System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file /table.php...

8.8CVSS6.9AI score0.00285EPSS

Exploits1References7

RedhatCVE•added 2025/05/23 3:3 a.m.•8 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.2CVSS9.1AI score0.45897EPSS

Exploits3References1

CNNVD•added 2025/04/02 12:0 a.m.•1 views

Open Solutions For Education OS4Ed OpenSIS SQL注入漏洞

Open Solutions For Education OS4Ed OpenSIS is commercial grade, secure, scalable and intuitive student information system, school management software from Open Solutions For Education, USA. With all the features to run single or multiple organizations in one installation. Web-based, php code, MyS...

7.5CVSS7.4AI score0.01237EPSS

Exploits0References3

Positive Technologies•added 2025/02/07 12:0 a.m.•3 views

PT-2025-6839 · Sourcecodester · Sourcecodester Multi Restaurant Table Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Multi Restaurant Table Reservation System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file select-menu.php. The manipulation of the table argument leads to SQL...

8.8CVSS8.1AI score0.00147EPSS

Exploits0References12

OSV•added 2025/01/15 11:15 p.m.•3 views

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied...

8.1CVSS5.8AI score0.12647EPSS