Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Top 20 matches
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output esc
CVE-2026-49067
CRITICAL CVSS 9.3
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
CVE-2026-45439
CRITICAL CVSS 9.3
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
CVE-2026-42381
CRITICAL CVSS 9.3
Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
CVE-2025-34162
CRITICAL CVSS 9.3
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebS
CVE-2025-8324
CRITICAL CVSS 9.8
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
CVE-2026-39493
CRITICAL CVSS 9.3
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
CVE-2024-50706
CRITICAL CVSS 9.8
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.
SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors.