CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13183 matches found

RedhatCVE•added 2025/02/20 10:24 p.m.•10 views

CVE-2025-26606

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, informacaoadicional.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10CVSS8.2AI score0.00542EPSS

Exploits1References1

NVD•added 2025/02/18 9:15 p.m.•5 views

CVE-2025-26605

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

9.4CVSS0.00445EPSS

Exploits1References1

Cvelist•added 2025/02/18 8:36 p.m.•33 views

CVE-2025-26609 SQL Injection endpoint 'familiar_docfamiliar.php' parameter 'id_dependente', 'id_doc' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiardocfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10CVSS0.00542EPSS

Exploits1References1

Vulnrichment•added 2025/02/18 8:34 p.m.•6 views

CVE-2025-26612 SQL Injection endpoint 'adicionar_almoxarife.php' parameter 'id_almoxarifado', 'id_funcionario' in WeGIA

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, adicionaralmoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...

10CVSS8.6AI score0.00523EPSS

Exploits1References1

NVD•added 2025/02/17 5:15 a.m.•9 views

CVE-2025-1389

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS0.00455EPSS

Exploits0References2

Cvelist•added 2025/02/15 8:10 a.m.•10 views

CVE-2025-22208 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'filteremail' parameter in the GDPR Erase Data Request search feature...

0.00604EPSS

Exploits1References2

Vulnrichment•added 2025/02/15 8:10 a.m.•10 views

CVE-2025-22209 Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

5.8AI score0.00274EPSS

Exploits1References2

RedhatCVE•added 2025/02/14 3:6 p.m.•4 views

CVE-2025-26346

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserGroupMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP...

5.5CVSS8.2AI score0.00617EPSS

Exploits0References1

RedhatCVE•added 2025/02/14 3:5 p.m.•6 views

CVE-2025-26348

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...

5.5CVSS8.2AI score0.00617EPSS

Exploits0References1

RedhatCVE•added 2025/02/14 7:46 a.m.•14 views

CVE-2024-34930

A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...

5.3CVSS8.5AI score0.00221EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 6:15 a.m.•7 views

CVE-2024-34935

A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...

9.8CVSS8.5AI score0.0051EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 4:18 a.m.•7 views

CVE-2024-33801

A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

9.8CVSS8.5AI score0.0051EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 4:17 a.m.•14 views

CVE-2024-33799

A SQL injection vulnerability in /model/getteacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

9.8CVSS8.5AI score0.0051EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 4:2 a.m.•16 views

CVE-2024-33807

A SQL injection vulnerability in /model/getteachertimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter...

5.4CVSS8.5AI score0.00286EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 3:46 a.m.•14 views

CVE-2024-33808

A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

9.8CVSS8.5AI score0.0051EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 3:44 a.m.•11 views

CVE-2024-33800

A SQL injection vulnerability in /model/getstudent1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...

9.8CVSS8.5AI score0.0051EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 3:42 a.m.•13 views

CVE-2024-33804

A SQL injection vulnerability in /model/getsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

6.3CVSS8.5AI score0.00297EPSS

Exploits1References1

RedhatCVE•added 2025/02/14 3:33 a.m.•12 views

CVE-2024-33802

A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...

6.5CVSS8.5AI score0.00426EPSS

Exploits1References1

RedhatCVE•added 2025/02/13 11:39 p.m.•15 views

CVE-2024-35361

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...

9.8CVSS8.3AI score0.00512EPSS

Exploits0References1

RedhatCVE•added 2025/02/13 11:26 p.m.•10 views

CVE-2024-35468

A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter...

5.4CVSS8.7AI score0.0035EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by