Lucene search
+L

217764 matches found

CVE
CVE
added 11 hours ago6 views

CVE-2026-16227

SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection flaw in edit_subject.php caused by manipulating the ID parameter. The vulnerability is exploitable remotely and has publicly disclosed exploits. Affected component is the edit_subject.php function handling subject edits...

7.5CVSS7.1AI score
Exploits0References6
GithubExploit
GithubExploit
added 14 hours ago30 views

Exploit for CVE-2026-60137

wp2shell — WordPress Core Pre-Auth RCE CVE-2026-63030 Ba...

9.8CVSS7.1AI score0.08946EPSS
Exploits37
GithubExploit
GithubExploit
added 14 hours ago30 views

Exploit for CVE-2026-63030

wp2shell Pre-Authentication Remote Code Execution in WordPres...

9.8CVSS6.7AI score0.08946EPSS
Exploits37
Nuclei
Nuclei
added 17 hours ago19 views

10Web Photo Gallery < 1.5.55 - SQL Injection

WordPress plugin 10Web Photo Gallery versions before 1.5.55 contains a SQL injection caused by unvalidated input in the 'bwgsearchx' parameter in frontend/models/model.php, letting attackers execute arbitrary SQL commands, exploit requires attacker to control the 'bwgsearchx' parameter. id:...

9.8CVSS9AI score0.05418EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago58 views

WordPress Car Seller - Auto Classifieds Script - SQL Injection

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL injection...

9.8CVSS8.7AI score0.14697EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago59 views

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

6.5CVSS7AI score0.02181EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago54 views

Download Monitor < 4.4.5 - SQL Injection

The Download Monitor plugin for WordPress is vulnerable to SQL injection via the 'orderby' parameter in versions before 4.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

7.2CVSS7.3AI score0.17348EPSS
Exploits5References3
Nuclei
Nuclei
added 17 hours ago92 views

IPeakCMS 3.5 - SQL Injection

ipeak Infosystems ibexwebCMS 3.5 contains an unauthenticated Boolean-based SQL injection caused by unsanitized 'id' parameter in /cms/print.php, letting attackers execute arbitrary SQL commands, exploit requires no authentication. id: CVE-2021-3018 info: name: IPeakCMS 3.5 - SQL Injection author:...

9.8CVSS9AI score0.19506EPSS
Exploits3References3
Nuclei
Nuclei
added 17 hours ago58 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manageuser.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32028...

7.2CVSS7.5AI score0.04879EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago85 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. id: CVE-2022-31974 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injectio...

7.2CVSS7.6AI score0.04903EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago48 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=. id: CVE-2022-31975 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7.6AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago106 views

MCMS 5.2.4 - SQL Injection

MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-25125 info: name: MCMS...

9.8CVSS8.8AI score0.06981EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago91 views

Doctor Appointment System 1.0 - SQL Injection

SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. id: CVE-2021-27314 info: name: Doctor Appointment System 1.0 - SQL Injection author: theamanrawat severity: critical description: |...

9.8CVSS8.7AI score0.12394EPSS
Exploits3References3
Nuclei
Nuclei
added 17 hours ago35 views

WordPress RSVPMaker <=9.3.2 - SQL Injection

WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in /rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.8CVSS8AI score0.12003EPSS
Exploits3References5
Nuclei
Nuclei
added 17 hours ago109 views

Adminer <=4.8.0 - Cross-Site Scripting

Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a pdo extension to communicate with the database it is used if the native extensions are not enabled. id: CVE-2021-29625 info:...

7.5CVSS6.5AI score0.08723EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago63 views

Cryptocurrency Widgets Pack <= 1.8.1 - SQL Injection

Cryptocurrency Widgets Pack Plugin =1.8.1 for WordPress contains an unauthenticated SQL injection caused by unsanitized user input in database queries, letting attackers execute arbitrary SQL commands, exploit requires no authentication. id: CVE-2022-44588 info: name: Cryptocurrency Widgets Pack ...

9.9CVSS9.1AI score0.02268EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago87 views

CentOS Web Panel - SQL Injection

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...

10CVSS9AI score0.13029EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago21 views

Chamilo model.ajax.php - SQL Injection

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. id: CVE-2021-34187 info: name: Chamilo model.ajax.php - SQL Injection author: DhiyaneshDK severity: critical description: | main/inc/ajax/model.ajax.php in Chamilo...

9.8CVSS8.9AI score0.16181EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago72 views

PuneethReddyHC action.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input. id: CVE-2021-41648 info: name: PuneethReddyHC action.php SQL Injection author: daffainfo severity: high descriptio...

9.8CVSS8.3AI score0.5177EPSS
Exploits6References5
Nuclei
Nuclei
added 17 hours ago88 views

ZEROF Web Server 1.0 - SQL Injection

ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent endpoint for the login page. id: CVE-2021-30175 info: name: ZEROF Web Server 1.0 - SQL Injection author: edoardottt severity: critical description: | ZEROF Web Server 1.0 April 2021 allows SQL Injection via the /HandleEvent...

9.8CVSS9AI score0.08548EPSS
Exploits0References4
Rows per page
Query Builder