CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

303 matches found

EUVD•added 2025/12/29 3:30 p.m.•4 views

EUVD-2025-205582

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

6.1CVSS5.4AI score0.00291EPSS

Exploits1References4

EUVD•added 2025/12/11 7:49 p.m.•3 views

EUVD-2025-202873

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

7.6CVSS6.7AI score0.00306EPSS

Exploits0References2

Vulnrichment•added 2025/12/11 7:49 p.m.•3 views

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

7.6CVSS6.8AI score0.00306EPSS

Exploits0References1

CVE•added 2025/11/12 12:0 a.m.•10 views

CVE-2025-56385

WellSky Harmony 4.1.0.2.83 has a SQL injection in the login endpoint xmHarmony.asp via the TXTUSERID parameter. The vulnerability arises from insufficient sanitization of user input before it is used in a SQL query, enabling authentication bypass, data leakage, or potential full compromise of bac...

9.8CVSS7.7AI score0.00436EPSS

Exploits0References3Affected Software1

EUVD•added 2025/11/11 3:30 a.m.•12 views

EUVD-2025-60989

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

5.4CVSS6.4AI score0.00162EPSS

Exploits0References3

Cvelist•added 2025/11/08 9:32 p.m.•10 views

CVE-2025-12914 aaPanel BaoTa Backend database sql injection

A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been...

5.8CVSS0.00222EPSS

Exploits0References5

OSV•added 2025/10/30 10:15 p.m.•3 views

CVE-2020-36869

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly...

7.2CVSS6AI score

Exploits0References2

Vulnrichment•added 2025/10/30 9:31 p.m.•3 views

CVE-2020-36857 Nagios XI < 5.6.14 Authenticated SQL Injection via SNMP Trap Interface Page

Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not...

8.6CVSS7.6AI score0.01934EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-10686

Malware in sbrugna...

9.8CVSS9.5AI score0.01918EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-8733

Malware in sbrugna...

7.6CVSS7.5AI score0.00935EPSS

Exploits0References2