CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13142 matches found

CVE•added 2025/11/07 12:0 a.m.•7 views

CVE-2025-63718

The CVE-2025-63718 entry describes a SQL injection in SourceCodester PQMS 1.0 at api_patient_schedule.php, where the appointmentID parameter is not properly sanitized, enabling arbitrary SQL commands. This is evidenced across multiple connected sources (e.g., Red Hat, EUVD, NVD/CVE records, CNVD,...

6.5CVSS8.1AI score0.00039EPSS

Exploits1References2Affected Software1

NVD•added 2025/11/06 12:15 a.m.•2 views

CVE-2025-64114

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...

6.5CVSS0.00087EPSS

Exploits1References3

EUVD•added 2025/11/05 11:30 p.m.•2 views

EUVD-2025-37959

6.5CVSS7.5AI score0.00087EPSS

Exploits1References3

CVE•added 2025/10/30 12:0 a.m.•6 views

CVE-2025-63608

CVE-2025-63608 describes a SQL injection in CSZ-CMS

5.4CVSS7.8AI score0.00035EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/10/30 12:0 a.m.•6 views

CVE-2025-63608

A SQL injection vulnerability exists in CSZ-CMS =1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries...

0.00035EPSS

Exploits1References1

NVD•added 2025/10/17 6:15 p.m.•3 views

CVE-2025-62422

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...

8.8CVSS0.00049EPSS

Exploits1References2

Cvelist•added 2025/10/17 12:0 a.m.•4 views

CVE-2025-56316

A SQL injection vulnerability in the contenttitle parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering...

0.00156EPSS

Exploits1References2

CNVD•added 2025/10/15 12:0 a.m.•3 views

E-Commerce Website product_add_qty.php file SQL injection vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...

9.8CVSS8.3AI score0.00043EPSS

Exploits1References1

Cvelist•added 2025/10/07 12:36 p.m.•4 views

CVE-2025-40886 Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...

7.7CVSS0.00027EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2007-3636

Malware in sbrugna...

9.8CVSS6.4AI score0.0042EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-0786

Malware in sbrugna...

7.5CVSS6.4AI score0.00804EPSS

Exploits0References4