5724 matches found
PT-2025-40991
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-40888. Description: A SQL Injection issue exists in the CLI functionality because of inadequate input validation. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the database...
SourceCodester Hotel and Lodge Management System Security Vulnerability
SourceCodester Hotel and Lodge Management System is a SourceCodester open source hotel and lodge management system. A security vulnerability exists in SourceCodester Hotel and Lodge Management System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file...
Code-Projects Simple Banking System SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /createuser.php. An attacker can exploit this vulnerability to execute...
Nozomi Networks Guardian/CMC SQL Injection Vulnerability
Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. A SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from improper validation of input parameters in the Alert function, which could lead to an SQL injectio...
PT-2025-40990
Name of the Vulnerable Software and Affected Versions: Alert functionality affected versions not specified. Description: A SQL Injection issue exists due to inadequate input validation of a parameter within the Alert functionality. An authenticated user with limited privileges can execute arbitrary...
Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0
Summary: A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. Impact: An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing...
PT-2025-41160
Name of the Vulnerable Software and Affected Versions: SourceCodester Hotel and Lodge Management System version 1.0. Description: A flaw exists in SourceCodester Hotel and Lodge Management System 1.0 related to the file /del tax.php. Manipulation of the ID parameter can lead to SQL injection. This...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation. Remediation: Upgrade...
CVE-2025-11313 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findRolePage.do findRolePage sql injection
A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. Manipulation of the argument sort causes SQL injection. The attack may be initiated remotely. The exploit has been published and may...
PT-2025-40935
Name of the Vulnerable Software and Affected Versions: code-projects Online Course Registration version 1.0. Description: A flaw exists in code-projects Online Course Registration 1.0 that allows for SQL injection. The issue is located in the file /admin/edit-course.php and involves manipulation of...
PT-2025-40825
Name of the Vulnerable Software and Affected Versions: Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0. Description: A security flaw exists in the doFilter function of the findDeptPage.do file. Manipulation of the sort argument can lead to SQL injection. This issue can be...
EUVD-2025-27119
Malicious code in bioql PyPI...
EUVD-2025-25208
Malicious code in bioql PyPI...
EUVD-2025-24207
Malicious code in bioql PyPI...
EUVD-2025-25480
Malicious code in bioql PyPI...
EUVD-2025-28397
Malicious code in bioql PyPI...
EUVD-2025-25886
Malicious code in bioql PyPI...
EUVD-2025-25017
Malicious code in bioql PyPI...
EUVD-2025-26267
Malicious code in bioql PyPI...
EUVD-2025-24368
Malicious code in bioql PyPI...