Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

233688 matches found

NVD
NVDadded 2026/06/01 6:16 a.m.11 views

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS0.00044EPSS
Exploits0References6
NVD
NVDadded 2026/06/01 6:16 a.m.7 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS0.00044EPSS
Exploits0References6
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.32 views

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...

9.8CVSS7.4AI score0.91916EPSS
Exploits2References5
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.174 views

Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

7.5CVSS7AI score0.94366EPSS
Exploits20References7
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.167 views

MOVEit Transfer - Remote Code Execution

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

9.8CVSS7.4AI score0.94254EPSS
Exploits15References5
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.39 views

Car Rental Management System 1.0 - Local File Inclusion

Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. id: CVE-2020-29227 info: name: Car Rental Management System 1.0 - Local File Inclusion author:...

9.8CVSS7.6AI score0.93408EPSS
Exploits1References5
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.95 views

Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

9.6CVSS7.8AI score0.93975EPSS
Exploits5References4
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.44 views

WP-Recall <= 16.26.5 - SQL Injection

The WP-Recall Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.3CVSS5.9AI score0.92914EPSS
Exploits0References3
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.34 views

WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection

The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

9.8CVSS5.9AI score0.8312EPSS
Exploits4References3
Nuclei
Nucleiadded 2026/06/01 5:38 a.m.176 views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...

9.8CVSS7.3AI score0.91045EPSS
Exploits3References3
ATTACKERKB
ATTACKERKBadded 2026/06/01 5:15 a.m.8 views

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS6.7AI score0.00044EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/01 5:15 a.m.4 views

CVE-2026-10227 raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS6.7AI score0.00044EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/01 5:15 a.m.10 views

EUVD-2026-33560

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS5.4AI score0.00044EPSS
Exploits0References6
CVE
CVEadded 2026/06/01 5:15 a.m.10 views

CVE-2026-10227

CVE-2026-10227 affects the project “raisulislamg4 student_management_system_by_php” (unknown version range) via an SQL injection in an argument within add_user_check.php of the User Creation Handler. According to the description, manipulating the role parameter enables remote exploitation, and th...

7.5CVSS6.7AI score0.00044EPSS
Exploits0References6
CVE
CVEadded 2026/06/01 5:0 a.m.11 views

CVE-2026-10226

CVE-2026-10226 affects the project raisulislamg4 student_management_system_by_php (file delete.php). The issue is a SQL injection that can be triggered by manipulating arguments such as user_id, course_id, teacher_id, student_id, or application_id. The vulnerability is exploitable remotely and ex...

7.5CVSS6.8AI score0.00044EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/06/01 5:0 a.m.10 views

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS6.8AI score0.00044EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/01 5:0 a.m.37 views

CVE-2026-10226 raisulislamg4 student_management_system_by_php delete.php sql injection

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS0.00044EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/01 5:0 a.m.6 views

CVE-2026-10226 raisulislamg4 student_management_system_by_php delete.php sql injection

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS6.8AI score0.00044EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/01 5:0 a.m.7 views

EUVD-2026-33559

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

7.5CVSS5.6AI score0.00044EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/01 4:45 a.m.29 views

CVE-2026-10225 raisulislamg4 student_management_system_by_php Login login_check.php sql injection

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

7.5CVSS0.00044EPSS
Exploits0References6
Rows per page
Query Builder