1304 matches found
PT-2026-2337
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Private Cloud and On-Premise Financials General Ledger (affected versions not specified). Description: The issue stems from inadequate input validation within the SAP S/4HANA Financials General Ledger component. An authenticated user c...
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2025-40735
A vulnerability has been identified in SINEC NMS All versions V4.0. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...
CVE-2022-42477
An improper input validation vulnerability CWE-20 in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries...
CVE-2022-42428
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2025-67285
A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate...
SQL Injection
Overview: fosslight-binary is a FOSSLight Binary Scanner. Affected versions of this package are vulnerable to SQL Injection due to unsanitized string formatting of filename-, checksum-, and TLSH-derived values into SQL queries. An attacker can view, modify, or delete data in the underlying database,...
Revive Adserver: Information Disclosure via Verbose Error Messages
Version: revive-adserver 6.0.0. Summary: Revive Adserver v6.0.0 exposes sensitive technical details through verbose error messages, revealing the exact MySQL/MariaDB version, SQL queries, and PHP environment details. Attackers can use this information to identify known vulnerabilities or craft...
WordPress External Login plugin Information Disclosure Vulnerability
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. An information disclosure vulnerability exists in the WordPress External Login plugin, which...
EUVD-2016-9765
Malware in sbrugna...
EUVD-2004-2177
Malware in sbrugna...
EUVD-2018-1143
Malware in sbrugna...
EUVD-2020-24425
Malware in sbrugna...
EUVD-2005-3824
Malware in sbrugna...
EUVD-2018-2330
Malware in sbrugna...
EUVD-2020-7606
Malware in sbrugna...
EUVD-2020-7611
Malware in sbrugna...
EUVD-2018-17119
Malware in sbrugna...
EUVD-2000-1215
Malware in sbrugna...