CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2652 matches found

Cvelist•added 2026/03/31 4:0 a.m.•22 views

CVE-2026-5179 SourceCodester Simple Doctors Appointment System login.php sql injection

A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS0.00043EPSS

Exploits0References5

CVE•added 2026/03/31 4:0 a.m.•5 views

CVE-2026-5179

CVE-2026-5179 affects SourceCodester Simple Doctors Appointment System 1.0, specifically the /admin/login.php area where the Username parameter can be manipulated to cause a SQL injection. This vulnerability is exploitable remotely and has publicly available exploit information. The description a...

7.5CVSS7AI score0.00043EPSS

Exploits0References5

ATTACKERKB•added 2026/03/31 4:0 a.m.•0 views

CVE-2026-5179

7.5CVSS5.8AI score0.00043EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/03/31 12:0 a.m.•0 views

PT-2026-29190

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5CVSS5.8AI score0.00014EPSS

Exploits0References6

CNNVD•added 2026/03/31 12:0 a.m.•2 views

Code-Projects Student Membership System SQL注入漏洞

The Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters username and password in...

7.5CVSS7.2AI score0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/03/31 12:0 a.m.•0 views

PT-2026-29221

A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...

7.5CVSS6.8AI score0.00014EPSS

Exploits0References6

CNNVD•added 2026/03/31 12:0 a.m.•2 views

SourceCodester Simple Doctors Appointment System SQL注入漏洞

SourceCodester Simple Doctors Appointment System is an easy doctor appointment system developed under the open-source framework of SourceCodester. Version 1.0 of the SourceCodester Simple Doctors Appointment System has a SQL injection vulnerability. This vulnerability arises from incorrect handli...

7.5CVSS7.2AI score0.00043EPSS

Exploits0References5

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29189

7.5CVSS5.8AI score0.00043EPSS

Exploits0References6

RedhatCVE•added 2026/03/27 5:9 p.m.•1 views

CVE-2018-25201

School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...

9.8CVSS6AI score0.00055EPSS

Exploits1References1

RedhatCVE•added 2026/03/27 2:25 p.m.•4 views

CVE-2021-27308

A cross-site scripting XSS vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter...

4.8CVSS5.7AI score0.00473EPSS

Exploits4References1

RedhatCVE•added 2026/03/27 4:59 a.m.•0 views

CVE-2026-4844

A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The...

7.5CVSS6.9AI score0.00014EPSS

Exploits0References1

Vulnrichment•added 2026/03/27 12:38 a.m.•0 views

CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS6AI score0.00392EPSS

Exploits1References2

EUVD•added 2026/03/26 12:30 p.m.•1 views

EUVD-2018-21667

Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username...

8.8CVSS6AI score0.00515EPSS

Exploits1References4

EUVD•added 2026/03/26 12:30 p.m.•0 views

EUVD-2018-21661

7.1CVSS6AI score0.00055EPSS

Exploits1References4

EUVD•added 2026/03/26 12:30 p.m.•1 views

EUVD-2018-21655

Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login...

8.8CVSS6AI score0.00515EPSS

Exploits1References4

EUVD•added 2026/03/26 12:30 p.m.•0 views

EUVD-2018-21659

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...

8.8CVSS5.9AI score0.00515EPSS

Exploits1References4