CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 5 days ago•5 views

CVE-2019-25752

8.8CVSS6.2AI score0.00366EPSS

Exploits0References4Affected Software1

CVE•added 6 days ago•20 views

CVE-2026-55740

CVE-2026-55740 affects Nur-Alam39 bus-ticket. The vulnerability is an unauthenticated SQL injection in bus_info.php where the busid parameter from an HTTP POST is concatenated directly into the query: select * from bus_info where id=$busid. This occurs in a numeric context and is not sanitized, e...

9.8CVSS5.9AI score0.00366EPSS

Exploits0References2

Vulnrichment•added 2026/06/15 12:0 p.m.•6 views

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

8.8CVSS6.1AI score0.0027EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46196

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.0027EPSS

Exploits0References6

NVD•added 2026/06/01 10:16 p.m.•13 views

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS0.00344EPSS

Positive Technologies•added 2026/05/30 12:0 a.m.•10 views

PT-2026-45110

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS

Exploits0References5

NVD•added 2026/05/29 4:16 p.m.•16 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS0.00334EPSS

CVE•added 2026/05/29 2:46 p.m.•12 views

CVE-2018-25395

Kados R10 GreenBee is affected by an SQL injection via boards_buttons/update_feature.php in the feature_id parameter. The feature_id is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send crafted GET requests (including UNION-based payloads) ...

8.8CVSS6.1AI score0.00334EPSS

NVD•added 2026/05/25 3:16 p.m.•12 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS

NVD•added 2026/05/25 3:16 p.m.•9 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00309EPSS

CVE•added 2026/05/25 2:15 p.m.•17 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00337EPSS

ATTACKERKB•added 2026/05/25 2:15 p.m.•9 views

CVE-2018-25362

Exploits0References3Affected Software1

EUVD•added 2026/05/25 2:15 p.m.•8 views

EUVD-2018-21882

Vulnrichment•added 2026/05/25 2:15 p.m.•9 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

CVE•added 2026/05/25 2:15 p.m.•16 views

CVE-2018-25362

CVE-2018-25362 affects Twitter-Clone 1 with a SQL injection in follow.php via the userid parameter. The vulnerability lets an attacker manipulate queries using union-based or time-based blind payloads to extract sensitive data such as usernames, passwords, and database credentials. Impact is Conf...

Positive Technologies•added 2026/05/25 12:0 a.m.•13 views

PT-2026-43215

NVD•added 2026/05/23 7:16 p.m.•7 views

CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.00334EPSS

NVD•added 2026/05/23 7:16 p.m.•12 views

CVE-2018-25341

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.00334EPSS

Vulnrichment•added 2026/05/23 6:30 p.m.•6 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS