CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/26 8:14 p.m.•8 views

CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS6.4AI score0.00031EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•12 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

RedhatCVE•added 2026/05/26 8:14 p.m.•8 views

CVE-2026-9356

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

RedhatCVE•added 2026/05/26 8:14 p.m.•6 views

CVE-2026-9355

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

EUVD•added 2026/05/26 7:30 p.m.•11 views

EUVD-2026-31963

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit h...

Cvelist•added 2026/05/26 7:30 p.m.•27 views

CVE-2026-9575 itsourcecode Student Transcript Processing System index.php sql injection

7.5CVSS0.00039EPSS

CVE•added 2026/05/26 7:30 p.m.•8 views

CVE-2026-9575

CVE-2026-9575 affects the itsourcecode Student Transcript Processing System 1.0. The flaw arises from improper handling of the ID argument in the PHP file at /admin/modules/class/index.php?view=view, enabling SQL injection. It is a remote, unauthenticated risk with PoC-level exploit maturity and ...

ATTACKERKB•added 2026/05/26 7:30 p.m.•7 views

CVE-2026-9575

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/26 7:15 p.m.•10 views

CVE-2026-9574 itsourcecode Student Transcript Processing System trans.php sql injection

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched remotely. The exploit...

ATTACKERKB•added 2026/05/26 7:15 p.m.•6 views

CVE-2026-9574

Exploits0References5Affected Software1

Cvelist•added 2026/05/26 7:15 p.m.•27 views

CVE-2026-9574 itsourcecode Student Transcript Processing System trans.php sql injection

7.5CVSS0.00039EPSS

Cvelist•added 2026/05/26 7:0 p.m.•28 views

CVE-2026-9573 itsourcecode Student Transcript Processing System index.php sql injection

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The explo...

7.5CVSS0.00039EPSS

ATTACKERKB•added 2026/05/26 7:0 p.m.•7 views

CVE-2026-9573

7.5CVSS7AI score0.00039EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/26 7:0 p.m.•6 views

CVE-2026-9573 itsourcecode Student Transcript Processing System index.php sql injection

7.5CVSS7AI score0.00039EPSS

NVD•added 2026/05/26 6:16 p.m.•11 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00204EPSS

Exploits1References1

Patchstack•added 2026/05/26 5:33 p.m.•6 views

WordPress EnvíaloSimple: Email Marketing y Newsletters plugin <= 2.4.5 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin EnvíaloSimple versions = 2.4.5...

4.9CVSS5.9AI score0.00036EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/26 5:16 p.m.•9 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.00783EPSS

Exploits2References5

NVD•added 2026/05/26 5:16 p.m.•9 views

CVE-2026-35222

Improperly validated order clauses lead to a SQL injection vulnerability in comtags...

9.8CVSS0.00003EPSS

NVD•added 2026/05/26 5:16 p.m.•8 views

CVE-2025-36220

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

9.8CVSS0.00049EPSS