Export limit exceeded: 346191 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48040 | 1 Tainacan | 1 Tainacan | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.This issue affects Tainacan: from n/a through <= 0.21.8. | ||||
| CVE-2024-47331 | 1 Ninjateam | 2 Multi Step For Contact Form, Multi Step For Contact Form 7 | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through <= 2.7.7. | ||||
| CVE-2024-47328 | 1 Funnelkit | 1 Funnelkit Automations | 2026-04-01 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows SQL Injection.This issue affects FunnelKit Automations: from n/a through <= 3.1.2. | ||||
| CVE-2024-47325 | 1 Themeisle | 1 Multiple Page Generator | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7. | ||||
| CVE-2024-47304 | 1 Wpmanageninja | 1 Fluent Support | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Fluent Support fluent-support allows SQL Injection.This issue affects Fluent Support: from n/a through <= 1.8.0. | ||||
| CVE-2024-44004 | 1 Wptaskforce | 2 Track \& Trace, Wpcargo Track \& Trace | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||||
| CVE-2024-43978 | 1 Superstorefinder | 1 Super Store Finder | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through < 6.9.8. | ||||
| CVE-2024-43976 | 1 Superstorefinder | 1 Super Store Finder | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7. | ||||
| CVE-2024-39622 | 1 Cridio | 1 Listingpro | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4. | ||||
| CVE-2024-39620 | 1 Cridio | 1 Listingpro | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4. | ||||
| CVE-2024-38795 | 1 Cridio | 1 Listingpro | 2026-04-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4. | ||||
| CVE-2024-38708 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.1. | ||||
| CVE-2024-32706 | 1 Reputeinfosystems | 1 Arforms | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. | ||||
| CVE-2024-30488 | 1 Katieseaborn | 1 Zotpress | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7. | ||||
| CVE-2024-30244 | 2 Church Admin Project, Wordpress | 2 Church Admin, Wordpress | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27. | ||||
| CVE-2024-30238 | 1 Contest-gallery | 1 Contest Gallery | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2. | ||||
| CVE-2024-30236 | 1 Contest-gallery | 1 Contest Gallery | 2026-04-01 | 9.9 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4. | ||||
| CVE-2024-23507 | 1 Instawp | 1 Instawp Connect | 2026-04-01 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. | ||||
| CVE-2026-5147 | 1 Yunaiv | 1 Yudao-cloud | 2026-04-01 | 7.3 High |
| A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4317 | 1 Umami Software Application | 1 Umami Software | 2026-04-01 | N/A |
| SQL inyection (SQLi) vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by including malicious characters and SQL payload. The application would interpolate these values directly into the SQL query without first performing proper filtering or sanitization (e.g., using functions such as 'prisma.rawQuery', 'prisma.$queryRawUnsafe' or raw queries with 'ClickHouse'). The successful explotation of this vulnerability could allow an authenticated attacker to compromiso the data of the database and execute dangerous functions. | ||||