CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4662 matches found

Vulnrichment•added 2025/10/31 7:44 a.m.•2 views

CVE-2025-6520 SQLi in Abis Technology's BAPSIS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

9.8CVSS5.6AI score0.00038EPSS

Exploits0References2

ATTACKERKB•added 2025/10/31 7:44 a.m.•2 views

CVE-2025-6520

9.8CVSS5.6AI score0.00038EPSS

Exploits0References3

EUVD•added 2025/10/31 7:44 a.m.•1 views

EUVD-2025-37308

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection.This issue affects BAPSIS: before 202510271606...

9.8CVSS7.2AI score0.00038EPSS

Exploits0References2

CVE•added 2025/10/28 5:27 a.m.•10 views

CVE-2025-11735

The CVE refers to HUSKY – Products Filter Professional for WooCommerce (WordPress plugin) with a blind SQL Injection via the phrase parameter. Affected versions are all up to and including 1.3.7.1, caused by insufficient escaping and lack of proper query preparation, enabling unauthenticated atta...

7.5CVSS6.4AI score0.001EPSS

Exploits0References2

RedhatCVE•added 2025/10/23 3:14 p.m.•3 views

CVE-2025-49931

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through = 3.5.10...

9.3CVSS5.9AI score0.00034EPSS

Exploits0References1

EUVD•added 2025/10/22 3:31 p.m.•3 views

EUVD-2025-35527

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through = 3.5.10...

7.1AI score0.00034EPSS

Exploits0References2

Positive Technologies•added 2025/10/22 12:0 a.m.•2 views

PT-2025-43195

Name of the Vulnerable Software and Affected Versions CrocoBlock JetSearch versions through 3.5.10 Description A flaw exists in CrocoBlock JetSearch that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue could potentially allow an...

9.3CVSS7.5AI score0.00034EPSS

Exploits0References4

RedhatCVE•added 2025/10/17 6:44 p.m.•3 views

CVE-2025-62423

ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - 140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/adminarea/loginasuser.php” file. Exploiting this vulnerability requires access privileges to the Admin Area...

6.7CVSS7.9AI score0.00048EPSS

Exploits1References1

NVD•added 2025/10/16 7:15 p.m.•2 views

CVE-2025-62423

7.2CVSS0.00048EPSS

Exploits1References2

RedhatCVE•added 2025/10/16 8:33 a.m.•1 views

CVE-2025-11365

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5CVSS6.5AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2025/10/15 4:44 p.m.•1 views

CVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection.This issue affects Winsure: through Version dated 21.08.2025...

9.8CVSS7.7AI score0.00038EPSS

Exploits0References1

Vulnrichment•added 2025/10/15 8:25 a.m.•2 views

CVE-2025-11365 WP Google Map Plugin <= 1.0 - Authenticated (Contributor+) SQL Injection

6.5CVSS6.2AI score0.00031EPSS

Exploits0References2

NVD•added 2025/10/14 1:15 p.m.•1 views

CVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...

9.8CVSS0.00038EPSS

Exploits0References2

Cvelist•added 2025/10/14 12:43 p.m.•5 views

CVE-2025-10610 SQLi in SFS Winsure

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...

9.8CVSS0.00038EPSS

Exploits0References2

CVE•added 2025/10/10 11:2 a.m.•7 views

CVE-2025-11188

The CVE-2025-11188 vulnerability affects the Kiwire Captive Portal (SynchroWeb). It is a blind SQL injection in the nas-id parameter that can be used to issue SQL commands and compromise the associated database. The issue is documented across multiple sources (NVD/Red Hat RH, EUVD ENISA, CVE list...

7.3CVSS7.7AI score0.0003EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/10/10 11:2 a.m.•2 views

CVE-2025-11188 CVE-2025-11188

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database...

7.7AI score0.0003EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-13371

Malware in sbrugna...

7.5CVSS7.6AI score0.00849EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-24842

Malware in sbrugna...

10CVSS9.4AI score0.01647EPSS

Exploits0References2