Search

Expected end of text, found '.' (at char 47), (line:1, col:48)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (339696 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32912 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32911 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32910 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32909 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32908 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32907 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32904 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32903 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32902 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32901 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32900 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32066 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32047 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32012 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-2412 2026-03-23 6.5 Medium
The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field() function applied to the merged_question parameter does not prevent SQL metacharacters like ), OR, AND, and # from being included in the value, which is then directly concatenated into a SQL IN() clause without using $wpdb->prepare() or casting values to integers. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-28483 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-28455 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-22173 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-4681 2026-03-23 N/A
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
CVE-2026-4612 1 Itsourcecode 1 Free Hotel Reservation System 2026-03-23 7.3 High
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.