Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

93242 matches found

CVE
CVEadded 2026/05/30 2:55 p.m.15 views

CVE-2018-25407

CVE-2018-25407 affects eNdonesia Portal 8.7, where multiple SQL injection flaws in mod.php allow unauthenticated attackers to execute arbitrary SQL via parameters such as artid, cid, did, contid, and aboutid across the publisher, diskusi, galeri, content, and about modules. The issue can be used ...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/30 2:55 p.m.6 views

EUVD-2018-21927

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
GithubExploit
GithubExploitadded 2026/05/30 10:50 a.m.97 views

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

6.5AI score
Exploits0
CVE
CVEadded 2026/05/30 9:29 a.m.46 views

CVE-2026-7465

Summary (supported by provided documents): CVE-2026-7465 affects the WordPress plugin Spectra Gutenberg Blocks (ultimate-addons-for-gutenberg). In versions up to and including 2.19.25, an authenticated Contributor can influence post block attributes in uagb/* blocks, which are dynamically registe...

8.8CVSS6.1AI score0.0083EPSS
In wildExploits3References6
CVE
CVEadded 2026/05/30 6:0 a.m.18 views

CVE-2026-10110

The CVE-2026-10110 affects code-projects’ Student Details Management System 1.0. The vulnerability resides in an unknown function of /index.php, where manipulation of the roll argument enables SQL injection. Exploitation is possible remotely and a public exploit reportedly exists. Metrics indicat...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/30 6:0 a.m.44 views

CVE-2026-10110 code-projects Student Details Management System index.php sql injection

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

7.5CVSS0.00254EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/30 6:0 a.m.10 views

CVE-2026-10110 code-projects Student Details Management System index.php sql injection

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

7.5CVSS7AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.12 views

PT-2026-45115

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.7 views

PT-2026-45117

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers can send GET requests to quality.php with crafted SQL payloads in the quality parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.8 views

PT-2026-45120

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.8 views

PT-2026-45116

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.10 views

PT-2026-45112

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute...

9.8CVSS6.4AI score0.00573EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.9 views

PT-2026-45105

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.12 views

PT-2026-45119

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/30 12:0 a.m.9 views

Code-Projects Student Details Management System SQL注入漏洞

Code-Projects Student Details Management System is an open-source student information management system developed by Code-Projects. Version 1.0 of the code-projects Student Details Management System contains a SQL injection vulnerability. This vulnerability stems from the roll parameter in the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2026/05/30 12:0 a.m.11 views

Debian dsa-6311 : php-twig - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6311 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6311-1 [email protected] https://www.debian.org/securit...

9.9CVSS5.6AI score0.00675EPSS
Exploits0References30
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.8 views

PT-2026-45110

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/30 12:0 a.m.10 views

PT-2026-45107

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References5
NVD
NVDadded 2026/05/29 8:16 p.m.12 views

CVE-2026-48557

Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer. The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo preserving inner .php...

8.8CVSS0.0044EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/05/29 8:13 p.m.10 views

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder