CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

764 matches found

RedhatCVE•added 2026/01/07 9:49 a.m.•6 views

CVE-2022-27927

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable coursecode and/or customernumber parameter...

9.8CVSS7.9AI score0.1363EPSS

Exploits4References1

Veracode•added 2025/12/13 5:1 a.m.•7 views

Remote Code Execution (RCE)

MySQL Connector/J is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unspecified flaw in Connector/J that allows an unauthenticated attacker with network access to compromise the connector through user interaction, potentially resulting in complete takeover of the affected...

8.3CVSS7.3AI score0.00872EPSS

Exploits0References5Affected Software2

Vulnrichment•added 2025/12/07 6:2 p.m.•2 views

CVE-2025-14201 alokjaiswal Hotel-Management-services-using-MYSQL-and-php dishsub.php cross site scripting

A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. I...

4.8CVSS5.4AI score0.00233EPSS

Exploits1References4

GithubExploit•added 2025/11/25 7:32 a.m.•155 views

Exploit for Unrestricted Upload of File with Dangerous Type in Skittles Employee_Records_System

CVE-2021-4462 Test Environment Docker-based test environment...

9.8CVSS7.3AI score0.02988EPSS

Exploits2

RedhatCVE•added 2025/11/21 1:34 p.m.•5 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9CVSS6.7AI score0.0023EPSS

Exploits0References1

NVD•added 2025/11/20 3:17 p.m.•8 views

CVE-2025-41076

6.9CVSS0.0023EPSS

Exploits0References1

Cvelist•added 2025/11/19 4:41 p.m.•11 views

CVE-2025-12743 SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

6CVSS0.0024EPSS

Exploits0References2