CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 5 days ago•4 views

PT-2026-45110

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00026EPSS

Exploits0References5

NVD•added 6 days ago•4 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS0.00065EPSS

CVE•added 6 days ago•6 views

CVE-2018-25395

Kados R10 GreenBee is affected by an SQL injection via boards_buttons/update_feature.php in the feature_id parameter. The feature_id is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send crafted GET requests (including UNION-based payloads) ...

8.8CVSS6.1AI score0.00068EPSS

NVD•added 2026/05/25 3:16 p.m.•6 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00086EPSS

NVD•added 2026/05/25 3:16 p.m.•6 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00044EPSS

CVE•added 2026/05/25 2:15 p.m.•9 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00086EPSS

ATTACKERKB•added 2026/05/25 2:15 p.m.•6 views

CVE-2018-25362

Exploits0References3Affected Software1

CVE•added 2026/05/25 2:15 p.m.•9 views

CVE-2018-25362

CVE-2018-25362 affects Twitter-Clone 1 with a SQL injection in follow.php via the userid parameter. The vulnerability lets an attacker manipulate queries using union-based or time-based blind payloads to extract sensitive data such as usernames, passwords, and database credentials. Impact is Conf...

EUVD•added 2026/05/25 2:15 p.m.•5 views

EUVD-2018-21882

Vulnrichment•added 2026/05/25 2:15 p.m.•4 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Positive Technologies•added 2026/05/25 12:0 a.m.•6 views

PT-2026-43215

NVD•added 2026/05/23 7:16 p.m.•7 views

CVE-2018-25341

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.0009EPSS

NVD•added 2026/05/23 7:16 p.m.•3 views

CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.0009EPSS

EUVD•added 2026/05/23 6:30 p.m.•5 views

EUVD-2018-21862

8.8CVSS6.1AI score0.0009EPSS

Vulnrichment•added 2026/05/23 6:30 p.m.•3 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

8.8CVSS6.1AI score0.0009EPSS

CVE•added 2026/05/23 6:30 p.m.•27 views

CVE-2018-25340

The CVE-2018-25340 entry affects Smartshop 1, with a SQL injection in category.php through the id parameter that allows unauthenticated attackers to send GET requests using UNION-based payloads to extract database data (e.g., usernames). The vulnerability is triggered via the id parameter and can...

8.8CVSS6.1AI score0.0009EPSS

Cvelist•added 2026/05/23 6:30 p.m.•5 views

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.0009EPSS

EUVD•added 2026/05/20 8:23 a.m.•6 views

EUVD-2026-31072

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

9.3CVSS6AI score0.00036EPSS

Exploits0References1

NVD•added 2026/05/17 1:16 p.m.•6 views

CVE-2018-25338

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

8.8CVSS0.00086EPSS