CVE List – Find High-Risk & Exploited Vulnerabilities | ATT&CK Technique: Initial Access / SQL Injection

MITRE ATT&CK CVE list for this attack path. Use the risk scores (CVSS, EPSS) and the published/updated timeline to decide what to patch first and what to track next.

Showing 81–100 (more results available)
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-13485 | A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used. | 5.5 | 0.41% | 2026-06-28 | 2026-06-29 |
| CVE-2026-13333 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to | 6.5 | 0.34% | 2026-06-26 | 2026-06-29 |
| CVE-2026-13331 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensit | 6.5 | 0.28% | 2026-06-26 | 2026-06-29 |
| CVE-2026-54350 | Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write query, modifies every document of that collection with one HTTP request. enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of | 10.0 | 0.54% | 2026-06-26 | 2026-06-30 |
| CVE-2026-52785 | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fixed in 17.3.3 and 17.4.1. | 9.9 | 0.22% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57667 | Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57663 | Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57662 | Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57653 | Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57644 | Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57643 | Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57642 | Contributor SQL Injection in Gallery <= 4.7.8 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57636 | Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57631 | Administrator SQL Injection in Popup box <= 6.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57628 | Administrator SQL Injection in WP All Import <= 4.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56070 | Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56068 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-29 |
| CVE-2026-56067 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56064 | Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | 8.5 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56062 | Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
cvelogic Threat Intelligence