CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

RedhatCVE•added 2026/04/14 7:23 p.m.•4 views

CVE-2026-39475

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

8.5CVSS5.9AI score0.00035EPSS

Exploits0References1

EUVD•added 2026/04/08 9:31 a.m.•3 views

EUVD-2026-20142

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.10.1...

5.9AI score0.00032EPSS

Exploits0References2

NVD•added 2026/04/08 9:16 a.m.•2 views

CVE-2026-39475

8.5CVSS0.00035EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•2 views

PT-2026-31118

5.9AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2026/04/08 12:0 a.m.•3 views

PT-2026-31117

5.9AI score0.00035EPSS

Exploits0References3

RedhatCVE•added 2025/12/25 1:23 p.m.•2 views

CVE-2025-68496

7.6CVSS5.9AI score0.0001EPSS

Exploits0References1

Positive Technologies•added 2025/12/24 12:0 a.m.•2 views

PT-2025-53076

Name of the Vulnerable Software and Affected Versions Syed Balkhi User Feedback versions through 1.10.1 Description The software contains a flaw related to improper handling of special characters within SQL commands, potentially leading to a Blind SQL Injection. The issue exists in User Feedback...

9.8CVSS7.2AI score0.0001EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-21447

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00086EPSS

Exploits0References2

Vulnrichment•added 2024/07/12 9:30 p.m.•7 views

CVE-2024-5902 UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6.2AI score0.03505EPSS

Exploits0References2

CVE•added 2024/07/12 9:30 p.m.•51 views

CVE-2024-5902

CVE-2024-5902 affects the WordPress plugin User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds. The issue is Stored Cross-Site Scripting via the name parameter in all versions up to 1.0.15, allowing unauthenticated attackers to inject scripts that run when a high-...

7.2CVSS6.4AI score0.03505EPSS

Exploits0References2Affected Software1

OSV•added 2024/02/08 2:15 a.m.•15 views

CVE-2024-24021

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list...

9.8CVSS8.1AI score

Exploits0References2