1916 matches found

ATTACKERKB
added 2026/01/27 4:32 p.m. | 4 views

CVE-2026-1481

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigverauto.aspx' could allow an attacker to...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/27 4:31 p.m. | 4 views

CVE-2026-1480 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigevalua.aspx' could allow an attacker to...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/27 4:30 p.m. | 3 views

CVE-2026-1478 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion' in '/evaluacionhcaevalua.aspx' could allow an attacker ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/27 4:30 p.m. | 4 views

CVE-2026-1478

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion' in '/evaluacionhcaevalua.aspx' could allow an attacker ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

CVE
added 2026/01/27 4:30 p.m. | 12 views

CVE-2026-1477

CVE-2026-1477 affects the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. Affected component: API endpoints handling the parameters in the old evaluation page (/evaluacion_competencias_evalua_old.aspx), specifically Id_usuario and Id_evaluacion. Root cause: out-of-ba...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/01/27 4:28 p.m. | 1 view

CVE-2026-1475

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionaccionesevalua.aspx' could allow an attacker to extract...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

CVE
added 2026/01/27 4:28 p.m. | 11 views

CVE-2026-1475

CVE-2026-1475 affects Gabinete Técnico de Programación’s Performance Evaluation (EDD) application. Affected component: the out‑of‑band SQL injection in the Id_usuario parameter of /evaluacion_acciones_evalua.aspx. Root cause is an SQL injection that allows extracting sensitive data via external c...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/01/27 4:27 p.m. | 3 views

CVE-2026-1474

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion' in '/evaluacioninicio.aspx' could allow an attacker to...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/27 4:26 p.m. | 2 views

CVE-2026-1472

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacioncompetenciasautoevallist.aspx' could allow an attacker to extra...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

OSV
added 2026/01/27 4:16 p.m. | 4 views

CVE-2020-36947

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...

CVSS 6.5 | AI score 5.7
Exploits: 0 | References: 5

Vulnrichment
added 2026/01/27 3:23 p.m. | 4 views

CVE-2021-47902 Testa Online Test Management System 3.4.7 - 'q' SQL Injection

Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user...

CVSS 8.8 | AI score 6 | EPSS 0.0024
Exploits: 0 | References: 3

Cvelist
added 2026/01/27 3:23 p.m. | 24 views

CVE-2020-36951 Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...

CVSS 8.8 | EPSS 0.00297
Exploits: 0 | References: 3

CVE
added 2026/01/27 3:23 p.m. | 10 views

CVE-2020-36951

Phpscript-sgh 0.1.0 is affected by a time-based blind SQL injection in the admin interface, exploitable via the id parameter. Attackers can craft payloads to induce time delays and exfiltrate data from the database through conditional sleep techniques. The vulnerability is documented with high-se...

CVSS 8.8 | AI score 5.9 | EPSS 0.00297
Exploits: 0 | References: 3

Cvelist
added 2026/01/27 3:23 p.m. | 22 views

CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...

CVSS 7.1 | EPSS 0.00399
Exploits: 1 | References: 5

ATTACKERKB
added 2026/01/27 3:23 p.m. | 5 views

CVE-2020-36947

LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...

CVSS 7.1 | AI score 6 | EPSS 0.00399
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/01/27 12:0 a.m. | 4 views

PT-2026-4975

Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application (affected versions not specified). Description: An out-of-band SQL injection flaw exists in the Performance Evaluation EDD application by Gabinete Técnico de Programación. Successful exploitation allows an...

CVSS 9.3 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/27 12:0 a.m. | 6 views

PT-2026-4980

Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application versions (affected versions not specified). Description: An out-of-band SQL injection (OOB SQLi) issue exists in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación...

CVSS 9.3 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/27 12:0 a.m. | 4 views

PT-2026-4973

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id usuario' in '/evaluacion acciones ver auto.aspx' could allow an attacker to extrac...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | 5 views

PT-2026-4926

Name of the Vulnerable Software and Affected Versions: LibreNMS version 1.46. Description: LibreNMS version 1.46 contains an authenticated SQL injection issue in the MAC accounting graph endpoint. This allows remote attackers to extract database information by manipulating the sort parameter with...

CVSS 7.1 | AI score 5.7 | EPSS 0.00399
Exploits: 1 | References: 10

RedhatCVE
added 2026/01/25 9:16 a.m. | 7 views

CVE-2026-0806

The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 5.9 | EPSS 0.00371
Exploits: 0 | References: 1