CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

85 matches found

OSV•added 2026/01/30 11:16 p.m.•3 views

CVE-2020-37051

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...

5.3CVSS5.8AI score

Exploits0References3

NVD•added 2025/12/23 8:15 p.m.•3 views

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

9.3CVSS0.00558EPSS

Exploits1References4

NVD•added 2025/12/17 8:15 p.m.•4 views

CVE-2025-66396

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/UserEditor.php file. When an administrator saves a user's configuration settings, the keys of the type POST parameter array are not properly sanitized or type-casted befor...

7.2CVSS0.00346EPSS

Exploits1References1

GithubExploit•added 2025/12/13 4:50 a.m.•153 views

Exploit for CVE-2025-66947

CVE-2025-66947 SQL Injection in krishanmuraiji SMS v1.0 CVE-2...

8.5AI score0.00259EPSS

Exploits2

Cvelist•added 2025/12/06 4:37 a.m.•16 views

CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS0.00254EPSS

Exploits0References5

CVE•added 2025/11/25 7:28 a.m.•18 views

CVE-2025-13385

CVE-2025-13385 affects the WordPress plugin Bookme – Free Online Appointment Booking and Scheduling System (versions up to 4.2). The vulnerability is a time-based SQL Injection arising from insufficient escaping of the filter[status] parameter in the affected SQL query, enabling an authenticated ...

4.9CVSS6.2AI score0.0026EPSS

Exploits0References3