CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

Vulnrichment•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

Cvelist•added 2026/05/30 2:55 p.m.•28 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

8.8CVSS0.0009EPSS

EUVD•added 2026/05/30 2:55 p.m.•4 views

EUVD-2018-21929

ATTACKERKB•added 2026/05/30 2:55 p.m.•5 views

CVE-2018-25407

Exploits0References4Affected Software1

CVE•added 2026/05/30 2:55 p.m.•12 views

CVE-2018-25405

The CVE-2018-25405 entry describes SQL injection vulnerabilities in eNdonesia Portal 8.7. Specifically, unauthenticated attackers can inject SQL through mod.php parameters artid, cid, did, contid, and aboutid to retrieve sensitive data (usernames, database names, version details). Metrics show CV...

ATTACKERKB•added 2026/05/30 2:55 p.m.•5 views

CVE-2018-25405

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/30 2:55 p.m.•7 views

CVE-2018-25405 eNdonesia Portal 8.7 SQL Injection via mod.php

Cvelist•added 2026/05/30 9:28 a.m.•37 views

CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS0.00114EPSS

Exploits0References8

RedhatCVE•added 2026/05/30 8:13 a.m.•9 views

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

9.8CVSS5.9AI score0.00038EPSS

Exploits0References1

GithubExploit•added 2026/05/30 6:19 a.m.•42 views

exploit_db.md

e...

5.8AI score

Exploits0

Fedora•added 2026/05/30 12:55 a.m.•9 views

[SECURITY] Fedora 44 Update: pdns-5.0.5-1.fc44

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only name server. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

8.6CVSS5.8AI score0.00024EPSS

Exploits0

Positive Technologies•added 2026/05/30 12:0 a.m.•6 views

PT-2026-45116

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

Positive Technologies•added 2026/05/30 12:0 a.m.•7 views

PT-2026-45115

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...

Positive Technologies•added 2026/05/30 12:0 a.m.•5 views

PT-2026-45114

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

Positive Technologies•added 2026/05/30 12:0 a.m.•6 views

PT-2026-45107

CNNVD•added 2026/05/30 12:0 a.m.•4 views

Yot CMS SQL注入漏洞

Yot CMS is a content management system developed by Yot Corporation. Version 3.3.1 of Yot CMS has a SQL injection vulnerability. This vulnerability stems from the use of parameters named aid and cid, which can allow unauthorized attackers to execute arbitrary SQL queries by injecting malicious...

CNNVD•added 2026/05/30 12:0 a.m.•6 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the year parameter, potentially allowing unauthenticated attackers to execute...

CNNVD•added 2026/05/30 12:0 a.m.•6 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ‘genre’ parameter, which may allow unauthenticated attackers to execute...