Search Results (19742 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-24031 2 Dovecot, Open-xchange 3 Dovecot, Dovecot, Ox Dovecot Pro 2026-06-30 7.7 High
Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.
CVE-2026-10835 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-29 7.7 High
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks.
CVE-2026-56036 2 Codemstory, Wordpress 2 워드프레스 결제 심플페이, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
CVE-2026-56062 2 Oooorgle, Wordpress 2 Quotes Llama, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
CVE-2026-57644 2 Jetmonsters, Wordpress 2 Restaurant Menu By Motopress, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
CVE-2026-57667 2 Adrian Tobey, Wordpress 2 Groundhogg, Wordpress 2026-06-29 8.5 High
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-49048 1 Joomcoder.com 1 Joomcck Extension For Joomla 2026-06-29 9.8 Critical
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.
CVE-2026-13569 2 Eyoucms, Weng-xianhu 2 Eyoucms, Eyoucms 2026-06-29 4.7 Medium
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument click_like leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-54820 2 Crocoblock, Wordpress 2 Jetbooking, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
CVE-2026-54827 2 Contempothemes, Wordpress 2 Real Estate 7, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
CVE-2026-56034 2 Owthub, Wordpress 2 Library Management System, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
CVE-2026-56067 2 Jetimpex Inc., Wordpress 2 Jetsmartfilters, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
CVE-2026-56068 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
CVE-2026-57628 2 Wordpress, Wpallimport 2 Wordpress, Wp All Import 2026-06-29 7.6 High
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
CVE-2026-57663 2 Really-simple-plugins, Wordpress 2 Recipe Maker For Your Food Blog From Zip Recipes, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
CVE-2026-12077 2 Wedevs, Wordpress 2 Dokan Pro, Wordpress 2026-06-29 7.5 High
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-40523 1 Frontaccounting 1 Frontaccounting 2026-06-29 8.1 High
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queries by injecting malicious code into the PARAM_2 and PARAM_3 POST parameters. Attackers can exploit time-based blind SQL injection through SLEEP() functions that are amplified across JOIN result sets to cause denial of service by exhausting database connections, or extract arbitrary database content through UNION-based injection techniques.
CVE-2026-40522 1 Frontaccounting 1 Frontaccounting 2026-06-29 7.1 High
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM_0 POST parameter. Attackers can supply malicious SQL syntax through the unparameterized WHERE clause to retrieve sensitive information including usernames, password hashes, and email addresses from the users table, rendered into PDF report output.
CVE-2026-57642 2 Bestwebsoft, Wordpress 2 Gallery, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Gallery <= 4.7.8 versions.
CVE-2026-13579 1 Itsourcecode 1 Hospital Management System 2026-06-29 6.3 Medium
A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.