CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 2:2 a.m.•8 views

CVE-2023-33366

A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands...

8.8CVSS8.1AI score0.0008EPSS

RedhatCVE•added 2025/05/23 1:11 a.m.•6 views

CVE-2022-36255

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt"...

7.5CVSS8.6AI score0.00323EPSS

RedhatCVE•added 2025/05/23 1:7 a.m.•8 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

9.8CVSS7.4AI score0.0013EPSS

RedhatCVE•added 2025/05/23 12:54 a.m.•5 views

CVE-2022-47072

SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...

9.8CVSS8.2AI score0.00086EPSS

RedhatCVE•added 2025/05/23 12:35 a.m.•3 views

CVE-2022-42120

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute...

9.8CVSS8.6AI score0.00815EPSS

RedhatCVE•added 2025/05/23 12:19 a.m.•18 views

CVE-2022-45889

Planet eStream before 6.72.10.07 allows a remote attacker who is a publisher or admin to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search the StatisticsResults.aspx flt parameter...

7.2CVSS7.8AI score0.01031EPSS

Exploits3References1

RedhatCVE•added 2025/05/22 11:7 p.m.•20 views

CVE-2022-35603

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...

9.8CVSS8.7AI score0.00245EPSS

RedhatCVE•added 2025/05/22 10:10 p.m.•3 views

CVE-2022-36259

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc...

7.5CVSS8.6AI score0.00323EPSS

RedhatCVE•added 2025/05/22 9:55 p.m.•4 views

CVE-2022-35598

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username...

9.8CVSS8.7AI score0.00245EPSS

RedhatCVE•added 2025/05/22 9:53 p.m.•4 views

CVE-2022-36256

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode"...

7.5CVSS8.6AI score0.00323EPSS

RedhatCVE•added 2025/05/22 9:35 p.m.•3 views

CVE-2021-43329

A SQL injection vulnerability in licenseupdate.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter...

9.8CVSS8.8AI score0.09368EPSS

RedhatCVE•added 2025/05/22 9:8 p.m.•4 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

6.5CVSS8.3AI score0.6313EPSS

RedhatCVE•added 2025/05/22 8:6 p.m.•8 views

CVE-2021-37556

A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csvHostGroupLogs.php start and end parameters...

8.8CVSS8.4AI score0.34327EPSS

RedhatCVE•added 2025/05/22 8:5 p.m.•4 views

CVE-2021-37522

SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js...

9.8CVSS8.3AI score0.00287EPSS

RedhatCVE•added 2025/05/22 7:58 p.m.•15 views

CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...

9.8CVSS8.3AI score0.00478EPSS

RedhatCVE•added 2025/05/22 7:58 p.m.•8 views

CVE-2021-36431

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jojsoncheck function in jocms/apps/mask/inc/mask.php...

9.1CVSS8.1AI score0.00214EPSS

RedhatCVE•added 2025/05/22 7:58 p.m.•9 views

CVE-2021-36433

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jodeletemask function in jocms/apps/mask/mask.php...

9.1CVSS8.1AI score0.00214EPSS

RedhatCVE•added 2025/05/22 7:42 p.m.•6 views

CVE-2021-31650

A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter...

9.8CVSS8.8AI score0.00488EPSS

RedhatCVE•added 2025/05/22 7:35 p.m.•3 views

CVE-2021-29350

SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/productadd.php...

7.2CVSS8.3AI score0.00506EPSS