CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

230 matches found

CVE-2018-25413

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS0.00068EPSS

Exploits0References4

Vulnrichment•added 5 days ago•4 views

CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

ATTACKERKB•added 5 days ago•6 views

CVE-2018-25413

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4Affected Software1

CVE•added 5 days ago•13 views

CVE-2018-25413

AiOPMSD Final 1.0.0 is affected by an SQL injection in search.php via the q parameter, allowing unauthenticated attackers to execute arbitrary SQL and enumerate usernames, database names, and version details. The CVE entry includes CVSS scores (3.1: base 8.2 HIGH network/low integrity; 4.0: base ...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

Positive Technologies•added 5 days ago•5 views

PT-2026-45113

8.8CVSS6.1AI score0.00068EPSS

Exploits0References5

RedhatCVE•added 2026/04/01 11:1 p.m.•2 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

9.8CVSS5.8AI score0.00018EPSS

Exploits0References1

OSV•added 2026/03/31 11:23 p.m.•2 views

GHSA-8PRR-286P-4W7J alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Impact The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...

6.9CVSS5.9AI score0.00018EPSS

Exploits0References8

Snyk•added 2026/03/31 11:23 p.m.•2 views

SQL Injection

Overview alerta-server is an Alerta server WSGI application Affected versions of this package are vulnerable to SQL Injection in the q parameter of the query string API due to direct interpolation of user-supplied input into SQL statements using f-strings. An attacker can execute arbitrary SQL...

9.8CVSS6.1AI score0.00018EPSS

Exploits0References2

NVD•added 2026/03/12 4:16 p.m.•1 views

CVE-2019-25513

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind...

9.8CVSS0.0041EPSS

Exploits1References2

Vulnrichment•added 2026/03/12 3:36 p.m.•1 views

CVE-2019-25513 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection via datagetir.php

8.8CVSS5.9AI score0.0041EPSS

Exploits1References2

CNNVD•added 2026/03/12 12:0 a.m.•3 views

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. The Jettweb PHP Preconfigured News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from the q parameter, which allows for SQL injections. It cou...

9.8CVSS5.9AI score0.0041EPSS

Exploits1References2

NVD•added 2026/03/08 10:15 p.m.•1 views

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

8.8CVSS0.00037EPSS

Exploits1References4

Positive Technologies•added 2026/03/08 12:0 a.m.•2 views

PT-2026-23984

Name of the Vulnerable Software and Affected Versions SourceCodester/janobe Resort Reservation System version 1.0 Description A SQL injection issue exists in SourceCodester/janobe Resort Reservation System version 1.0. The issue is located in the /accomodation.php file. Manipulation of the q...

8.8CVSS6.5AI score0.00037EPSS

Exploits1References7

EUVD•added 2026/03/06 3:31 p.m.•3 views

EUVD-2018-21627

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00123EPSS

Exploits0References3

Vulnrichment•added 2026/03/06 12:19 p.m.•2 views

CVE-2018-25172 Pedidos 1.0 SQL Injection via load_proveedores.php

8.8CVSS6.1AI score0.00123EPSS

Exploits0References2

CNNVD•added 2026/03/06 12:0 a.m.•3 views

Pedidos SQL注入漏洞

Pedidos is an order management system developed by the Spanish company Pedidos. Version 1.0 of Pedidos contains a SQL injection vulnerability. This vulnerability stems from the q parameter in the ajax/loadproveedores.php file, which allows for arbitrary SQL queries to be executed and database...

8.8CVSS6AI score0.00123EPSS

Exploits0References2

RedhatCVE•added 2026/03/05 1:57 a.m.•7 views

CVE-2026-26514

An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags e.g., -w, -q via the q parameter. This can be exploited to cause a Denial of Service D...

7.5CVSS6.1AI score0.00205EPSS

Exploits1References1

EUVD•added 2026/03/04 6:31 p.m.•1 views

EUVD-2026-9411

7.5CVSS6.1AI score0.00205EPSS

Exploits1References3

OSV•added 2026/03/04 4:16 p.m.•0 views

CVE-2026-26514

7.5CVSS5.9AI score

Exploits0References2

NVD•added 2026/03/04 4:16 p.m.•2 views

CVE-2026-26514