210 matches found
EUVD-2022-36149
Malicious code in bioql PyPI...
EUVD-2024-17512
Malicious code in bioql PyPI...
EUVD-2023-45373
Malicious code in bioql PyPI...
EUVD-2022-49373
Malicious code in bioql PyPI...
LiteLLM Information health API_KEY Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the API_KEY parameter provided to the health endpoint. The issue results from...
CVE-2025-6189
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘meta_key’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-6189 Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘meta_key’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-6189
CVE-2025-6189 affects the WordPress plugin “Duplicate Page and Post” (versions up to 2.9.5). The issue is a time-based SQL Injection via the meta_key parameter caused by insufficient escaping and improper SQL query preparation. Exploitation requires authenticated access at Contributor level or hi...
CVE-2025-50983
Readarr 0.4.15.2787 exposes a SQL Injection in the sortKey parameter of GET /api/v1/wanted/cutoff. The endpoint fails to sanitize user input, enabling arbitrary SQL execution against the backend SQLite DB. Exploitation was confirmed with sqlmap via stacked queries; a heavy query using SQLite RAND...
CVE-2025-55599
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey...
PT-2025-34380 · D Link · D-Link Dir-619L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 2.06B01 Description: The D-Link DIR-619L device is susceptible to a buffer overflow in the formWlanSetup function through the f_wds_wepKey parameter. Recommendations: Update to a newer version that contains a fix for...
PT-2025-33814 · Unknown · Smartlibrary +1
Name of the Vulnerable Software and Affected Versions: HRForecast Suite versions 0.4.3 Description: A SQL injection flaw exists in the smartLibrary component. This allows any authenticated user to execute arbitrary SQL queries through crafted payloads to the valueKey parameter. The vulnerability ...
Itemir M300 Wi-Fi Repeater Security Vulnerability
The Itemir M300 Wi-Fi Repeater is a wireless repeater from China-based Itemir. A security vulnerability exists in the Itemir M300 Wi-Fi Repeater that stems from an unsanitized key parameter that could lead to an unauthenticated remote command injection attack...
CVE-2025-45809
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints...
WOLFBOX Level 2 EV Charger Security Vulnerability
The WOLFBOX Level 2 EV Charger is an electric vehicle charger from WOLFBOX. A security vulnerability exists in the WOLFBOX Level 2 EV Charger that stems from improper handling of the secKey, localKey, stdTimeZone, and devId parameters, which could lead to a heap buffer overflow and remote code...
CVE-2024-6264
The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$metakey’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-48283
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter...
CVE-2023-27837
TP-Link TL-WPA8630P US V2 Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_40A774...
CVE-2022-46569
D-Link DIR-882 DIR882A1FW130B06, DIR-878 DIR878FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module...