CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

240 matches found

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8CVSS7.3AI score0.36114EPSS

Exploits1References5

CVE•added 4 days ago•12 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

8.8CVSS6.2AI score

Exploits0References2

Cvelist•added 2026/06/15 12:0 p.m.•26 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS

Exploits0References4

Positive Technologies•added 2026/06/15 12:0 a.m.•12 views

PT-2026-49209

The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...

8.8CVSS6.1AI score0.00302EPSS

Exploits0References4

CNNVD•added 2026/06/04 12:0 a.m.•3 views

ThemeRig Listing Hub CMS SQL注入漏洞

ThemeRig Listing Hub CMS is a classification catalog and information publishing management system developed by ThemeRig Corporation. Version 1.0 of ThemeRig Listing Hub CMS contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter,...

8.8CVSS6.2AI score0.0027EPSS

Exploits0References5

CVE•added 2026/06/01 9:0 p.m.•13 views

CVE-2018-25433

Technical details for CVE-2018-25433 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.1AI score0.00341EPSS

Exploits0References4

CNNVD•added 2026/06/01 12:0 a.m.•7 views

Paroiciel SQL注入漏洞

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the zProIdPro parameter, which allows for SQL injections. This could enable authenticated attackers to...

7.1CVSS6.1AI score0.00273EPSS

Exploits0References4

NVD•added 2026/05/19 2:16 p.m.•9 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS0.00598EPSS

Exploits2References4

Vulnrichment•added 2026/05/19 12:59 p.m.•9 views

CVE-2026-42096 Broken Access Control in Sparx Pro Cloud Server

8.7CVSS6AI score0.00598EPSS

Exploits2References4

CNNVD•added 2026/03/21 12:0 a.m.•4 views

phpTransformer 路径遍历漏洞

phpTransformer is a content management system developed by the Lebanese company phpTransformer. The version 2016.9 of phpTransformer has a path traversal vulnerability. This vulnerability stems from an SQL injection vulnerability in the idnews parameter, which could allow remote attackers to...

8.8CVSS6.1AI score0.00377EPSS

Exploits1References4

Vulnrichment•added 2026/01/22 1:6 a.m.•2 views

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

8.6CVSS6.1AI score0.00353EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:45 a.m.•3 views

CVE-2025-40735

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

8.8CVSS8.9AI score0.0046EPSS

Exploits0References1

OSV•added 2025/12/17 5:15 p.m.•3 views

CVE-2025-67285

A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate...

7.3CVSS5.8AI score0.00171EPSS

Exploits1References1