13185 matches found

CVE
added 2025/03/04 12:0 a.m., 47 views

CVE-2024-50706

CVE-2024-50706 describes an unauthenticated SQL injection in Uniguest Tripleplay. The vulnerability affects Tripleplay 23.1+ and enables remote attackers to execute arbitrary SQL queries on the backend database. Multiple sources corroborate the issue and classify it as high/critical risk (CVSS v3...

9.8 CVSS | 9.9 AI score | 0.00481 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/02/25 5:16 a.m., 75 views

CVE-2025-22210

The CVE-2025-22210 entry relates to a SQL injection in the Hikashop Joomla component (versions 3.3.0–5.1.4) that is exploitable by authenticated administrators via the category management area in the backend. Affected software: Hikashop component for Joomla. Root cause: improper handling of SQL q...

7.2 CVSS | 8.4 AI score | 0.00468 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/02/20 10:24 p.m., 10 views

CVE-2025-26606

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacaoadicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 8.2 AI score | 0.00542 EPSS
Exploits: 1 | References: 1

NVD
added 2025/02/18 9:15 p.m., 5 views

CVE-2025-26605

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

9.4 CVSS | 0.00456 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/02/18 8:36 p.m., 33 views

CVE-2025-26609 SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiar_docfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 0.00542 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/02/18 8:34 p.m., 6 views

CVE-2025-26612 SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionar_almoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10 CVSS | 8.6 AI score | 0.00523 EPSS
Exploits: 1 | References: 1

NVD
added 2025/02/17 5:15 a.m., 9 views

CVE-2025-1389

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS | 0.00466 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/02/15 8:10 a.m., 10 views

CVE-2025-22208 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows attackers authenticated as administrator to execute arbitrary SQL commands via the 'filteremail' parameter in the GDPR Erase Data Request search feature...

0.00604 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2025/02/15 8:10 a.m., 10 views

CVE-2025-22209 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows attackers authenticated as administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

5.8 AI score | 0.00274 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/02/14 3:6 p.m., 4 views

CVE-2025-26346

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...

5.5 CVSS | 8.2 AI score | 0.00617 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 3:5 p.m., 7 views

CVE-2025-26348

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...

5.5 CVSS | 8.2 AI score | 0.00617 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 7:46 a.m., 14 views

CVE-2024-34930

A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...

5.3 CVSS | 8.5 AI score | 0.00221 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 6:15 a.m., 8 views

CVE-2024-34935

A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...

9.8 CVSS | 8.5 AI score | 0.0051 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 4:18 a.m., 7 views

CVE-2024-33801

A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

9.8 CVSS | 8.5 AI score | 0.0051 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 4:17 a.m., 14 views

CVE-2024-33799

A SQL injection vulnerability in /model/getteacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

9.8 CVSS | 8.5 AI score | 0.0051 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 4:2 a.m., 16 views

CVE-2024-33807

A SQL injection vulnerability in /model/getteachertimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter...

5.4 CVSS | 8.5 AI score | 0.00286 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 3:46 a.m., 14 views

CVE-2024-33808

A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

9.8 CVSS | 8.5 AI score | 0.0051 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 3:44 a.m., 11 views

CVE-2024-33800

A SQL injection vulnerability in /model/getstudent1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...

9.8 CVSS | 8.5 AI score | 0.0051 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 3:42 a.m., 13 views

CVE-2024-33804

A SQL injection vulnerability in /model/getsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

6.3 CVSS | 8.5 AI score | 0.00297 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/14 3:33 a.m., 12 views

CVE-2024-33802

A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...

6.5 CVSS | 8.5 AI score | 0.00426 EPSS
Exploits: 1 | References: 1