Export limit exceeded: 19456 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19456 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39196 | 2026-06-17 | 9.8 Critical | ||
| Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements. | ||||
| CVE-2026-35069 | 2026-06-17 | 5.7 Medium | ||
| Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2026-54818 | 2 Veronalabs, Wordpress | 2 Slimstat Analytics, Wordpress | 2026-06-17 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11. | ||||
| CVE-2026-54812 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Motors allows Blind SQL Injection. This issue affects Motors: from n/a through 1.4.109. | ||||
| CVE-2026-22332 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | ||||
| CVE-2025-59554 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | ||||
| CVE-2026-54809 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10. | ||||
| CVE-2026-54815 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6. | ||||
| CVE-2026-54187 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | ||||
| CVE-2026-54811 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | ||||
| CVE-2025-69135 | 2026-06-17 | 8.5 High | ||
| Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions. | ||||
| CVE-2026-54808 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.4. | ||||
| CVE-2026-54819 | 2026-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0. | ||||
| CVE-2026-54813 | 2026-06-17 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | ||||
| CVE-2026-48967 | 2 Dylan Kuhn, Wordpress | 2 Geo Mashup, Wordpress | 2026-06-17 | 8.5 High |
| Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | ||||
| CVE-2026-39596 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-48875 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | ||||
| CVE-2026-49079 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | ||||
| CVE-2026-39438 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. | ||||
| CVE-2026-12360 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-06-17 | 7.5 High |
| The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However, meta_query row values within filtered_query are not sanitized before being merged into SQL construction. This makes it possible for unauthenticated attackers to perform time-based or boolean blind SQL injection by appending a malicious meta_query value to a Load More AJAX request captured from any public Listing Grid page. | ||||