CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 3 days ago•11 views

CVE-2026-9185

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS0.00075EPSS

Exploits0References11

Cvelist•added 3 days ago•29 views

CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

7.5CVSS0.00075EPSS

Exploits0References11

CVE•added 3 days ago•10 views

CVE-2026-9185

CVE-2026-9185 affects the WordPress plugin 6Storage Rentals (versions

7.5CVSS5.5AI score0.00075EPSS

Exploits0References11

RedhatCVE•added last week•5 views

CVE-2026-5825

A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and ma...

5.3CVSS4.1AI score0.00013EPSS

RedhatCVE•added last week•5 views

CVE-2026-31942

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS5.4AI score0.00044EPSS

EUVD•added 2026/05/28 2:13 p.m.•4 views

EUVD-2026-32902

phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API user password endpoint that allows authenticated administrators to change any user's password without authorization verification. An attacker with low-privilege admin credentials can escalate to...

8.8CVSS5.8AI score0.00044EPSS

Exploits0References2

NVD•added 2026/05/27 8:16 a.m.•11 views

CVE-2026-40824

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS0.00043EPSS

Cvelist•added 2026/05/27 7:50 a.m.•27 views

CVE-2026-40824 Authenticated SQLi in accountstatus view

7CVSS0.00043EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43563

7CVSS6AI score0.00043EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•6 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7CVSS5.9AI score0.00043EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•8 views

CVE-2026-9376

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

6.5CVSS6.2AI score0.00038EPSS

NVD•added 2026/05/25 3:16 p.m.•8 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00044EPSS

ATTACKERKB•added 2026/05/25 2:15 p.m.•8 views

CVE-2018-25362

Exploits0References3Affected Software1

CVE•added 2026/05/25 2:15 p.m.•12 views

CVE-2018-25362

CVE-2018-25362 affects Twitter-Clone 1 with a SQL injection in follow.php via the userid parameter. The vulnerability lets an attacker manipulate queries using union-based or time-based blind payloads to extract sensitive data such as usernames, passwords, and database credentials. Impact is Conf...

Cvelist•added 2026/05/25 2:15 p.m.•20 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

8.8CVSS0.00044EPSS

EUVD•added 2026/05/25 2:15 p.m.•6 views

EUVD-2018-21882

Vulnrichment•added 2026/05/25 2:15 p.m.•5 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Positive Technologies•added 2026/05/25 12:0 a.m.•8 views

PT-2026-43215

CNNVD•added 2026/05/25 12:0 a.m.•6 views

Exploits0References4

twitter-clone SQL注入漏洞

twitter-clone is an application by Fiffe Individual Developers. twitter-clone uses + Vue 3 + light to go development + TailwindCSS + PostgreSQL + recapitulation Twitter-Clone version 1 suffers from a SQL injection vulnerability that stems from the injection of SQL code via the userid parameter in...