Export limit exceeded: 19072 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19072 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42383 | 2 Wordpress, Yithemes | 2 Wordpress, Yith Woocommerce Product Add-ons | 2026-05-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0. | ||||
| CVE-2023-4675 | 1 Gmbilisim | 1 Multi-disciplinary Design Optimization | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4833 | 1 Besttem Network Marketing Project | 1 Besttem Network Marketing | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection. This issue affects Network Marketing Software: before 1.0.2309.6. | ||||
| CVE-2023-5045 | 1 Biltay | 1 Kayisi | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286. | ||||
| CVE-2023-5046 | 1 Biltay | 1 Procost | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390. | ||||
| CVE-2023-5047 | 1 Drd | 1 Drdrive | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006. | ||||
| CVE-2023-5634 | 1 Arslansoft Education Portal Project | 1 Arslansoft Education Portal | 2026-05-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. | ||||
| CVE-2026-3985 | 2 Constantcontact, Wordpress | 2 Creative Mail – Easier Wordpress & Woocommerce Email Marketing, Wordpress | 2026-05-20 | 7.5 High |
| The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the `has_checkout_consent()` method. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-7472 | 2 Edmonsoft, Wordpress | 2 Read More & Accordion, Wordpress | 2026-05-20 | 4.9 Medium |
| The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes. | ||||
| CVE-2026-31069 | 1 Billabear | 1 Billabear | 2026-05-20 | 8.8 High |
| BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf() without proper sanitization or identifier quoting. Although filter values are parameterized, the filter identifiers (keys) are not. An authenticated attacker with ROLE_ACCOUNT_MANAGER permissions can exploit this to execute arbitrary SQL commands. | ||||
| CVE-2026-9059 | 2 Awesomemotive, Wordpress | 2 Nextgen Gallery, Wordpress | 2026-05-20 | N/A |
| NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ('_clean_column()') in the data mapper layer that uses a character blacklist instead of a whitelist approach. This allows an authenticated attacker with the 'NextGEN Gallery overview' capability (assigned to the Administrator role by default) to inject arbitrary SQL into the 'ORDER BY' clause. | ||||
| CVE-2026-8685 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-05-20 | 6.5 Medium |
| The Infility Global plugin for WordPress is vulnerable to SQL Injection via the 'orderby' and 'order' parameters in all versions up to, and including, 2.15.16. This is due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query within the show_control_data::post_list() function, which is registered as an admin menu page with only the 'read' capability. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-9065 | 2 Brainstormforce, Wordpress | 2 Surecart, Wordpress | 2026-05-20 | N/A |
| SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters ('model_name', 'model_id', 'integration_id', 'provider') on the REST API endpoint '/surecart/v1/integrations/{id}'. The root cause is a flawed escaping bypass in the query builder ('wp-query-builder'). Values passed to the 'where()' method are only sanitized via '$wpdb->prepare()' when they do **not** contain a dot ('.') or the WordPress table prefix ('wp_'). By including a dot anywhere in the payload, an attacker completely bypasses the escaping logic and injects arbitrary SQL into the 'WHERE' clause, allowing full UNION-based extraction of the database. | ||||
| CVE-2023-5807 | 2 Trek Software, Trteksolutions | 2 Education Portal, Education Portal | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. | ||||
| CVE-2023-5806 | 1 Mergentech | 1 Quality Management System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: before v1.2. | ||||
| CVE-2026-9010 | 2 Pixelyoursite, Wordpress | 2 Boost, Wordpress | 2026-05-20 | 7.5 High |
| The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-9003 | 1 Tonnet | 1 Tpr7308 | 2026-05-20 | 7.5 High |
| E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2023-6191 | 1 Webpdks | 2 Egehan Security, Webpdks | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6173 | 2026-05-20 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5155 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | ||||