CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/01 11:16 p.m.•5 views

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.00037EPSS

Vulnrichment•added 2026/06/01 10:27 p.m.•7 views

CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

9.8CVSS6.3AI score0.00104EPSS

NVD•added 2026/06/01 10:16 p.m.•7 views

CVE-2026-10290

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...

7.5CVSS0.00044EPSS

NVD•added 2026/06/01 10:16 p.m.•7 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00006EPSS

NVD•added 2026/06/01 10:16 p.m.•7 views

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

7.1CVSS0.00029EPSS

NVD•added 2026/06/01 10:16 p.m.•4 views

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

7.1CVSS0.00029EPSS

NVD•added 2026/06/01 10:16 p.m.•5 views

CVE-2018-25433

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

8.8CVSS0.0009EPSS

NVD•added 2026/06/01 10:16 p.m.•4 views

CVE-2018-25431

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

7.1CVSS0.00029EPSS

NVD•added 2026/06/01 10:16 p.m.•5 views

CVE-2018-25428

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

8.8CVSS0.0009EPSS

Cvelist•added 2026/06/01 10:15 p.m.•24 views

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

6.5CVSS0.00037EPSS

ATTACKERKB•added 2026/06/01 10:15 p.m.•8 views

CVE-2026-10297

6.5CVSS5.7AI score0.00037EPSS

Exploits0References6Affected Software1

CVE•added 2026/06/01 10:15 p.m.•10 views

CVE-2026-10297

The CVE-2026-10297 entry concerns itsourcecode Fees Management System 1.0. An SQL injection vulnerability exists in an unknown area of /manage_course.php triggered by manipulating the ID parameter. The issue allows remote initiation and is accompanied by a publicly available exploit. No vendor na...

6.5CVSS5.7AI score0.00037EPSS

Vulnrichment•added 2026/06/01 10:15 p.m.•6 views

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

6.5CVSS6.5AI score0.00037EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•4 views

CVE-2026-10178

A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may ...

7.5CVSS5.7AI score0.00044EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•7 views

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS5.5AI score0.00039EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•7 views

CVE-2026-10185

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS5.6AI score0.00044EPSS

Vulnrichment•added 2026/06/01 10:0 p.m.•7 views

CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability

7.6CVSS5.9AI score0.00031EPSS