Export limit exceeded: 19590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39502 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. | ||||
| CVE-2026-54813 | 2 Brainstorm Force, Wordpress | 2 Suredash, Wordpress | 2026-06-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | ||||
| CVE-2026-35068 | 1 Dell | 1 Powerflex | 2026-06-26 | 3.5 Low |
| Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2026-35069 | 1 Dell | 1 Powerflex | 2026-06-26 | 5.7 Medium |
| Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2026-12937 | 2 Themefic, Wordpress | 2 Tourfic – Ai Powered Travel Booking, Hotel Booking & Car Rental Wordpress Plugin, Wordpress | 2026-06-26 | 7.5 High |
| The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler is registered for unauthenticated users via wp_ajax_nopriv_tf_room_availability, and the required nonce is emitted on the public single-hotel page template, allowing unauthenticated attackers to freely obtain a valid nonce and reach the vulnerable code path. | ||||
| CVE-2026-54838 | 2 Rymera Web Co, Wordpress | 2 Wc Vendors Marketplace, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | ||||
| CVE-2026-54843 | 2 Pluginus.net, Wordpress | 2 Mdtf, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | ||||
| CVE-2026-54836 | 2 Wordpress, Ymc | 2 Wordpress, Ymc Filter | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | ||||
| CVE-2026-36670 | 1 Opensips | 1 Opensips | 2026-06-26 | 8.8 High |
| A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php. | ||||
| CVE-2026-24637 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-06-26 | 8.5 High |
| Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. | ||||
| CVE-2026-49776 | 2 John-dagelmore, Wordpress | 2 Gptranslate – Multilingual Ai Translation For Wordpress: Automatically Translate Websites, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||||
| CVE-2026-49772 | 2 Stellarwp, Wordpress | 2 The Events Calendar, Wordpress | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | ||||
| CVE-2026-49073 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-06-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3. | ||||
| CVE-2026-22332 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | ||||
| CVE-2026-39596 | 2 Creativethemes, Wordpress | 2 Blocksy Companion, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-54811 | 2 Tipsandtricks-hq, Wordpress | 2 Wp Emember, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | ||||
| CVE-2026-54822 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | ||||
| CVE-2026-54849 | 2 Premmerce, Wordpress | 2 Wishlist For Woocommerce, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | ||||
| CVE-2025-61021 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-26 | 7.5 High |
| An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2026-12079 | 2 Wedevs, Wordpress | 2 Dokan Pro, Wordpress | 2026-06-25 | 6.5 Medium |
| The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||