CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 days ago•34 views

CVE-2026-11488 code-projects Simple Flight Ticket Booking System POST Parameter checkUser.php sql injection

ATTACKERKB•added 5 days ago•5 views

CVE-2026-11488

7.5CVSS6.9AI score0.00033EPSS

Nuclei•added 5 days ago•46 views

Business Directory Plugin <= 6.4.2 - SQL Injection

The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS5.8AI score0.9387EPSS

Exploits1References4

Nuclei•added 5 days ago•67 views

VICIdial - SQL Injection

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. id: CVE-2024-8503 info: name: VICIdial - SQL Injection author: s4e-io severity: critical description:...

9.8CVSS7.9AI score0.93095EPSS

Exploits12References3

Nuclei•added 5 days ago•24 views

Woo Inquiry <= 0.1 - SQL Injection

The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

10CVSS5.7AI score0.8034EPSS

Exploits1References3

Nuclei•added 5 days ago•29 views

Metinfo 7.0.0 beta - SQL Injection

Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/productadmin.class.php via the admin/?n=product&c=productadmin&a=dopara&apptype=shop id parameter. id: CVE-2019-16996 info: name: Metinfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description:...

7.2CVSS7.4AI score0.92478EPSS

Exploits1References5

Nuclei•added 5 days ago•49 views

TurboMeeting - Boolean-based SQL Injection

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. id: CVE-2024-38289 info: name:...

9.8CVSS6.1AI score0.84253EPSS

Exploits1References1

Nuclei•added 5 days ago•49 views

MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

9.8CVSS8.1AI score0.93106EPSS

Exploits1References4

Cvelist•added 5 days ago•34 views

CVE-2026-11486 SourceCodester Class and Exam Timetabling System archive1.php sql injection

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation of the argument sy results in sql injection. Remote exploitation of the attack is possible. The...

ATTACKERKB•added 5 days ago•4 views

CVE-2026-11486

7.5CVSS7.1AI score0.00033EPSS

Cvelist•added 5 days ago•40 views

CVE-2026-11485 SourceCodester Class and Exam Timetabling System archive2.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly...

CVE•added 5 days ago•11 views

CVE-2026-11485

The CVE-2026-11485 affects SourceCodester Class and Exam Timetabling System 1.0. A vulnerability in an unknown function of /archive2.php allows manipulation of the argument sy to trigger SQL injection. The attack can be launched remotely, and the exploit has been disclosed publicly. These details...

ATTACKERKB•added 5 days ago•3 views

CVE-2026-11485

CVE•added 5 days ago•12 views

CVE-2026-11484

SourceCodester Class and Exam Timetabling System 1.0 is affected by a SQL injection via the archive3.php file (argument sy). The vulnerability is exploitable remotely and reportedly has publicly available exploit code. The records do not specify the exact vulnerable function name beyond archive3....

Vulnrichment•added 5 days ago•5 views

CVE-2026-11484 SourceCodester Class and Exam Timetabling System archive3.php sql injection

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS5.4AI score0.00033EPSS

Cvelist•added 5 days ago•33 views

CVE-2026-11484 SourceCodester Class and Exam Timetabling System archive3.php sql injection

NVD•added 5 days ago•6 views

CVE-2026-11480

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. I...

6.5CVSS0.00041EPSS

ATTACKERKB•added 5 days ago•3 views

CVE-2026-11483

A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in sql injection. The attack can be launched remotely. The exploit has been released to the public a...

Cvelist•added 5 days ago•36 views

CVE-2026-11483 SourceCodester Class and Exam Timetabling System archive4.php sql injection