Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-39493
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
CVE-2026-39441
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
CVE-2024-44349
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
CVE-2025-8324
CRITICAL CVSS 9.8
Find Similar
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the use
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
CVE-2026-49776
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5