Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Positive Technologies
Positive Technologiesadded 2026/05/20 12:0 a.m.5 views

PT-2026-42102

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current url' and 'user name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes...

7.5CVSS5.9AI score0.00084EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/26 2:58 p.m.0 views

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.0004EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/22 2:12 p.m.0 views

CVE-2019-25455 Web Ofisi E-Ticaret v3 SQL Injection via ara.html

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8CVSS5.8AI score0.00148EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/02/18 12:0 a.m.3 views

WordPress plugin WPNakama SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00047EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2025/10/16 8:33 a.m.1 views

CVE-2025-10743

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

7.5CVSS6.8AI score0.00105EPSS
Exploits0References1
NVD
NVDadded 2025/08/27 4:15 p.m.2 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

5.3CVSS0.00063EPSS
Exploits1References1
CVE
CVEadded 2025/08/27 12:0 a.m.10 views

CVE-2025-50984

Diskover-web v2.3.0 Community Edition is affected by multiple boolean-based blind SQL injection flaws in the Elasticsearch configuration form. Untrusted input in POST fields (e.g., ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE) can inject...

5.3CVSS7.1AI score0.00063EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder