CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 7:8 p.m.•6 views

CVE-2021-20678

SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

8.8CVSS8.2AI score0.02493EPSS

RedhatCVE•added 2025/05/22 6:53 p.m.•5 views

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

8.8CVSS8.3AI score0.00583EPSS

RedhatCVE•added 2025/05/22 6:48 p.m.•9 views

CVE-2021-40595

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leavesystem/classes/Login.php...

9.8CVSS8.6AI score0.00441EPSS

RedhatCVE•added 2025/05/22 6:47 p.m.•5 views

CVE-2021-43420

SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter...

9.8CVSS8.6AI score0.00264EPSS

RedhatCVE•added 2025/05/22 6:34 p.m.•5 views

CVE-2021-32953

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login...

9.8CVSS7.6AI score0.00224EPSS

RedhatCVE•added 2025/05/22 5:46 p.m.•4 views

CVE-2020-29143

A SQL injection vulnerability in interface/reports/nonreported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...

RedhatCVE•added 2025/05/22 5:45 p.m.•6 views

CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...

RedhatCVE•added 2025/05/22 5:0 p.m.•9 views

CVE-2020-15887

A SQL injection vulnerability in softwareupdatecontroller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/gettabdata/ endpoint...

8.8CVSS8.6AI score0.00374EPSS

RedhatCVE•added 2025/05/22 4:37 p.m.•5 views

CVE-2020-35337

ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...

9.8CVSS8.5AI score0.00527EPSS

RedhatCVE•added 2025/05/22 4:36 p.m.•7 views

CVE-2020-29437

SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsFormprofileUserId parameter to the buzz/loadMoreProfile endpoint...

8.1CVSS8.4AI score0.01236EPSS

RedhatCVE•added 2025/05/22 4:29 p.m.•4 views

CVE-2020-21012

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...

9.8CVSS9AI score0.15187EPSS

RedhatCVE•added 2025/05/22 4:20 p.m.•5 views

CVE-2020-14443

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter...

8.8CVSS8.2AI score0.00295EPSS

RedhatCVE•added 2025/05/22 4:17 p.m.•11 views

CVE-2020-13640

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. No 7.x versions are affected...

9.8CVSS8.8AI score0.73948EPSS

RedhatCVE•added 2025/05/22 4:11 p.m.•5 views

CVE-2020-12013

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...

9.1CVSS7.8AI score0.00906EPSS

RedhatCVE•added 2025/05/22 3:46 p.m.•4 views

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

9.8CVSS8.3AI score0.00502EPSS

RedhatCVE•added 2025/05/22 3:39 p.m.•5 views

CVE-2020-5651

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...

8.8CVSS8.7AI score0.00747EPSS

RedhatCVE•added 2025/05/22 3:31 p.m.•8 views

CVE-2020-35378

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields...

9.8CVSS9.2AI score0.00537EPSS

RedhatCVE•added 2025/05/22 3:28 p.m.•6 views

CVE-2020-29142

A SQL injection vulnerability in interface/usergroup/usergroupadmin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedulefacility parameter when restrictuserfacility=on is in global settings...

RedhatCVE•added 2025/05/22 3:28 p.m.•3 views

CVE-2020-29140

A SQL injection vulnerability in interface/reports/immunizationreport.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...