CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

RedhatCVE•added 2025/10/17 8:40 a.m.•3 views

CVE-2025-41019

SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...

9.3CVSS8AI score0.00036EPSS

Exploits0References1

NVD•added 2025/10/16 8:15 a.m.•2 views

CVE-2025-41019

SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...

9.3CVSS0.00036EPSS

Exploits0References1

Vulnrichment•added 2025/10/16 7:56 a.m.•1 views

CVE-2025-41019 SQL injection vulnerability in Sergestec's Exito

SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...

9.3CVSS7.5AI score0.00036EPSS

Exploits0References1

CVE•added 2025/10/16 7:56 a.m.•8 views

CVE-2025-41019

The CVE-2025-41019 entry affects Sergestec’s SISTICK v7.2, where a SQL injection vulnerability exists in the /index.php?view=ticket_detail endpoint via the id parameter. The underlying flaw allows an unauthenticated attacker to retrieve, create, update, or delete databases through this parameter,...

9.3CVSS7.5AI score0.00036EPSS

Exploits0References1

Cvelist•added 2025/10/16 7:56 a.m.•7 views

CVE-2025-41019 SQL injection vulnerability in Sergestec's Exito

SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...

9.3CVSS0.00036EPSS

Exploits0References1

CNNVD•added 2025/10/16 12:0 a.m.•1 views

Sergestec SISTICK SQL注入漏洞

Sergestec SISTICK is an enterprise business management platform from Sergestec. A SQL injection vulnerability exists in Sergestec SISTICK v7.2, which stems from incorrect manipulation of the parameter id in the file /index.php?view=ticketdetail, which could lead to a SQL injection attack...

9.3CVSS7.7AI score0.00036EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-24354

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00226EPSS

Exploits0References2

Tenable Nessus•added 2025/08/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2024-32492

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7.1CVSS5.9AI score0.0065EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 6:19 a.m.•6 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7.1CVSS6.9AI score0.0065EPSS

Exploits0References1

OSV•added 2024/04/29 5:15 p.m.•10 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7.1CVSS6.8AI score0.0065EPSS

Exploits0References2

NVD•added 2024/04/29 5:15 p.m.•10 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7.1CVSS6.6AI score0.0065EPSS

Exploits0References2

OSV•added 2024/04/29 5:15 p.m.•1 views

UBUNTU-CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7.1CVSS5.9AI score0.0065EPSS

Exploits0References3

Positive Technologies•added 2024/04/29 12:0 a.m.•3 views

PT-2024-24614 · Znuny · Znuny

Name of the Vulnerable Software and Affected Versions: Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where the ticket detail view in the customer front allows the execution of external JavaScript. Recommendations: For versions 7.0.1 through 7.0.16, consider disabling th...

7.1CVSS7AI score0.0065EPSS

Exploits0References8

CVE•added 2024/04/29 12:0 a.m.•85 views

CVE-2024-32492

Znuny 7.0.1–7.0.16 contains a vulnerability in the ticket detail view for the customer front that allows execution of external JavaScript. The issue is supported by multiple sources (NVD/NASL entries and Red Hat/Ubuntu Debian advisories) without a documented vendor patch in the provided materials...

7.1CVSS6.8AI score0.0065EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/04/29 12:0 a.m.•11 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7AI score0.0065EPSS

Exploits0References2

NVD•added 2023/08/17 8:15 p.m.•8 views

CVE-2023-31943

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticketid parameter at ticketdetail.php...

7.2CVSS7.4AI score0.01289EPSS

Exploits1References1

CNNVD•added 2023/08/17 12:0 a.m.•1 views

Online Travel Agency System SQL注入漏洞

Online Travel Agency System is an online travel agency system by Qaseem Hilal, an individual developer. A security vulnerability exists in Online Travel Agency System version v.1.0, which can be exploited to execute arbitrary code from the ticketid parameter of the ticketdetail.php file...

7.2CVSS7.5AI score0.01289EPSS

Exploits1References2

Cvelist•added 2023/08/17 12:0 a.m.•9 views

CVE-2023-31943

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticketid parameter at ticketdetail.php...

7.6AI score0.01289EPSS

Exploits1References1