CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added last week•4 views

Malicious Package

Overview @cloudplatform-single-spa/subnets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score

Vulnrichment•added 2026/05/31 4:45 a.m.•7 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00037EPSS

Vulnrichment•added 2026/05/30 2:55 p.m.•4 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.002EPSS

Cvelist•added 2026/05/30 2:55 p.m.•28 views

CVE-2018-25422 MOGG web simulator Script All Version SQL Injection via play.php

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS0.00092EPSS

Exploits0References3

EUVD•added 2026/05/30 2:55 p.m.•8 views

EUVD-2018-21938

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

CVE•added 2026/05/30 2:55 p.m.•15 views

CVE-2018-25414

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in actor.php that can be exploited by unauthenticated attackers via the actor parameter. The vulnerability is triggered by crafted SQL payloads in GET requests to actor.php, allowing extraction of sensitive database information such as u...

ATTACKERKB•added 2026/05/30 2:55 p.m.•5 views

CVE-2018-25411

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/30 2:55 p.m.•8 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

EUVD•added 2026/05/30 2:55 p.m.•7 views

EUVD-2018-21931

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00049EPSS

Cvelist•added 2026/05/30 2:55 p.m.•32 views

CVE-2018-25409 SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php

8.8CVSS0.00049EPSS

SUSE CVE•added 2026/05/30 2:19 a.m.•16 views

SUSE CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

8.8CVSS6.2AI score0.0007EPSS

Exploits0References3

Positive Technologies•added 2026/05/30 12:0 a.m.•5 views

PT-2026-45114

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers can send GET requests to actor.php with crafted SQL payloads in the actor parameter to extract...

CNNVD•added 2026/05/30 12:0 a.m.•4 views

Exploits0References5

SIM-PKH 代码问题漏洞

SIM-PKH is a community-based poverty alleviation data management system developed by Insan Sutejo. Version 2.4.1 of SIM-PKH has code vulnerabilities. These vulnerabilities arise from submitting PHP code via the fupload parameter. This may allow authenticated attackers to upload malicious files,...

8.8CVSS5.9AI score0.00049EPSS

Positive Technologies•added 2026/05/30 12:0 a.m.•8 views

PT-2026-45109

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi pengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS6AI score0.00049EPSS

Exploits0References5

Tenable Nessus•added 2026/05/30 12:0 a.m.•6 views

FreeBSD : www/gohugo -- CWE-79: XSS vulnerabilities (20d59b47-5ba3-11f1-bf1b-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 20d59b47-5ba3-11f1-bf1b-b42e991fc52e advisory. https://go.dev/issue/78913 reports: CVE-2026-27142 fixed a vulnerability in which URLs were no...

6.1CVSS6AI score0.00013EPSS

Exploits0References5

Snyk•added 2026/05/29 7:7 p.m.•5 views

SQL Injection

Overview ezsystems/ezpublish-legacy is a professional PHP application framework with advanced CMS functionality. Affected versions of this package are vulnerable to SQL Injection in the getFileList function of the eZDFSFileHandlerMySQLiBackend class when executing the dfscleanup.php script. An...

8.4CVSS6AI score

OSV•added 2026/05/29 7:7 p.m.•4 views

GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1CVSS5.8AI score