443 matches found
CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
PT-2026-5827
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
CVE-2021-47766
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...
EUVD-2026-2773
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...
CVE-2022-50895
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...
CVE-2021-41609
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...
GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports
Affected Versions - CoreShop 4.1.2 Demo tested (Demo | CoreShop) - Earlier versions may also be affected if the same code path exists. Summary: A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...
CVE-2023-53877
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...
CVE-2023-53877 Bus Reservation System 1.1 Multiple SQL Injection via pickup_id Parameter
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...
CVE-2023-53877
CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based, error-based, and time-based blind SQL injection to steal information from the database. Practic...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 (and below) is affected by a SQL injection in the /collections endpoint via the id parameter. Exploitation is described as boolean-based, time-based, and UNION-based injections that can potentially exfiltrate or manipulate database information. A PoC/exploit exists...
PT-2025-50744
Name of the Vulnerable Software and Affected Versions: Xhibiter NFT Marketplace version 1.10.2. Description: The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...
CVE-2025-65093
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...
EUVD-2025-198051
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...
CVE-2025-65093 LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajaxoutput.php endpoint. The hostname parameter is interpolated directly into an SQL query...