CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

405 matches found

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.6AI score0.39855EPSS

Exploits0References4

Nuclei•added yesterday•48 views

Control iD iDSecure - Authentication Bypass

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...

9.8CVSS7.3AI score0.92487EPSS

Exploits6

Nuclei•added yesterday•92 views

Wordpress Country State City Dropdown <=2.7.2 - SQL Injection

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

9.8CVSS5.9AI score0.93237EPSS

Exploits1References5

Nuclei•added yesterday•58 views

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

9.8CVSS7.6AI score0.93372EPSS

Exploits7References5

Nuclei•added yesterday•7 views

Youzify < 1.2.0 - Unauthenticated SQLi

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...

9.8CVSS7.4AI score0.59651EPSS

Exploits1References1

Nuclei•added yesterday•20 views

Viral Signup <= 2.1 - SQL Injection

The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

9.8CVSS5.9AI score0.74446EPSS

Exploits1References4

Nuclei•added 2 days ago•75 views

WBCE 1.6.0 - SQL Injection

There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajaxdeletemessage.php" there is no authentication check. On line 40...

9.8CVSS7.3AI score0.70992EPSS

Exploits3References3

Nuclei•added 3 days ago•15 views

Chamilo model.ajax.php - SQL Injection

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. id: CVE-2021-34187 info: name: Chamilo model.ajax.php - SQL Injection author: DhiyaneshDK severity: critical description: | main/inc/ajax/model.ajax.php in Chamilo...

9.8CVSS7.4AI score0.89487EPSS

Exploits1References2

Nuclei•added 3 days ago•77 views

Advantech R-SeeNet 2.4.12 - OS Command Injection

Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...

10CVSS7.5AI score0.92871EPSS

Exploits1References5

Nuclei•added 6 days ago•50 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7.4AI score0.8523EPSS

Exploits5References5

Nuclei•added 2026/05/27 12:33 a.m.•119 views

SAP Solution Manager 7.2 - Remote Command Execution

SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...

10CVSS7.7AI score0.94152EPSS

Exploits7References7

RedhatCVE•added 2026/01/09 10:15 a.m.•5 views

CVE-2019-2856

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Application Container - JavaEE. Supported versions that are affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle...

9.8CVSS7.3AI score0.01805EPSS

Exploits0References1

IBM Security Bulletins•added 2025/12/01 6:25 a.m.•5 views

Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.

Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...

9.8CVSS6.6AI score0.01959EPSS

Exploits0Affected Software1

OpenVAS•added 2025/10/10 12:0 a.m.•1 views

Fedora: Security Advisory (FEDORA-2025-3c80b660e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.9CVSS6.8AI score0.00037EPSS

Exploits0References3