CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

931 matches found

Positive Technologies•added 2026/02/06 12:0 a.m.•3 views

PT-2026-6739

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

7.1CVSS5.8AI score0.00214EPSS

Exploits0References4

Packet Storm News•added 2026/02/06 12:0 a.m.•4 views

YARA-X 1.13.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.4AI score

Exploits0

Positive Technologies•added 2026/02/06 12:0 a.m.•5 views

PT-2026-6742

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...

7.1CVSS5.8AI score0.00214EPSS

Exploits0References4

Vulnrichment•added 2026/02/05 3:25 p.m.•4 views

CVE-2020-37151 phpMyChat Plus 1.98 'deluser.php' SQL Injection

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

8.8CVSS5.6AI score0.00383EPSS

Exploits1References3

EUVD•added 2026/02/05 3:25 p.m.•5 views

EUVD-2020-31050

8.8CVSS5.6AI score0.00383EPSS

Exploits1References3

CVE•added 2026/02/03 10:1 p.m.•11 views

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

8.8CVSS5.8AI score0.00365EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/03 10:1 p.m.•27 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS0.00365EPSS

Exploits1References3

ATTACKERKB•added 2026/02/03 10:1 p.m.•4 views

CVE-2020-37076

8.8CVSS5.8AI score0.00365EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/02/03 10:1 p.m.•1 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

8.8CVSS5.7AI score0.00365EPSS

Exploits1References3

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

PT-2026-5827

8.8CVSS5.9AI score0.00365EPSS

Exploits1References4

Github Security Blog•added 2026/01/29 3:32 p.m.•11 views

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)

Summary The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.rundebug=..., so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...

6.3AI score

Exploits0References3Affected Software1

Packet Storm News•added 2026/01/28 12:0 a.m.•2 views

YARA-X 1.12.0

5.9AI score

Exploits0

Tenable Nessus•added 2026/01/26 12:0 a.m.•6 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50071)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50071 advisory. 5.4.17-2136.351.3.3 - crypto: afalg - Fix incorrect boolean values in afalgctx Eric Biggers Orabug: 38884602 CVE-2025-40022 Tenable has extracted the...

6.7AI score0.00175EPSS

Exploits0References2

NVD•added 2026/01/15 4:16 p.m.•2 views

CVE-2021-47766

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

7.1CVSS0.00239EPSS

Exploits0References2

EUVD•added 2026/01/15 3:52 p.m.•4 views

EUVD-2026-2773

7.1CVSS7.3AI score0.00239EPSS

Exploits0References4

Positive Technologies•added 2026/01/15 12:0 a.m.•3 views

PT-2026-3042

7.1CVSS7.8AI score0.00239EPSS

Exploits0References3

RedhatCVE•added 2026/01/14 11:18 p.m.•2 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS7.7AI score0.00554EPSS

Exploits1References1

OSV•added 2026/01/13 11:15 p.m.•3 views

CVE-2022-50895

9.8CVSS5.9AI score0.00554EPSS

Exploits1References4

NVD•added 2026/01/13 11:15 p.m.•2 views

CVE-2022-50895

9.8CVSS0.00554EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 11:35 a.m.•3 views

CVE-2021-41609

SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...

9.8CVSS8AI score0.02105EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by