CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

934 matches found

CVE•added 2025/08/27 12:0 a.m.•17 views

CVE-2025-50984

Diskover-web v2.3.0 Community Edition is affected by multiple boolean-based blind SQL injection flaws in the Elasticsearch configuration form. Untrusted input in POST fields (e.g., ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE) can inject...

5.3CVSS7.1AI score0.00308EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/08/27 12:0 a.m.•8 views

CVE-2025-50984

diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ESPASS, ESMAXSIZE, ESTRANSLOGSIZE, ESTIMEOUT, ESUSER, ESHOST, ESPORT, ESSCROLLSIZE, ESCHUNKSIZE and...

0.00308EPSS

Exploits1References1

Positive Technologies•added 2025/08/27 12:0 a.m.•5 views

PT-2025-34881 · Unknown · Diskover-Web

Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The application is susceptible to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Improper input validation and parameterization in JSON-based query constructio...

5.3CVSS7.1AI score0.00308EPSS

Exploits1References5

Tenable Nessus•added 2025/08/27 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2024-51482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37. = 1.37.64 is vulnerable to boolean-based SQL Injection in...

9.9CVSS5.9AI score0.36899EPSS

Exploits7References2

Packet Storm•added 2025/08/26 12:0 a.m.•131 views

📄 Lingdang CRM 8.6.4.7 SQL Injection

Lingdang CRM versions 8.6.4.7 and below suffer from a remote SQL injection vulnerability. Exploit Title: Lingdang CRM 8.6.4.7 - SQL Injection Google Dork: N/A Date: 2025-08-19 Exploit Author: Beatriz Fresno Naumova Vendor: Shanghai Lingdang Information Technology Software Link: N/A – commercial...

8.8CVSS8.5AI score0.00448EPSS

Exploits3

Exploit DB•added 2025/08/26 12:0 a.m.•191 views

Lingdang CRM 8.6.4.7 - SQL Injection

Exploit Title: Lingdang CRM 8.6.4.7 - SQL Injection Google Dork: N/A Date: 2025-08-19 Exploit Author: Beatriz Fresno Naumova Vendor: Shanghai Lingdang Information Technology Software Link: N/A – commercial product Version: = 8.6.4.7 fixed in 8.6.5.x per vendor advisory Tested on: Generic LAMP...

8.8CVSS6.4AI score0.00448EPSS

Exploits3

Tenable Nessus•added 2025/08/25 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2016-9814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2....

9.1CVSS8.1AI score0.02424EPSS

Exploits0References2

OSSF Malicious Packages•added 2025/08/23 2:25 p.m.•3 views

Malicious code in invalid-polyfill-boolean (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 494509102be194f3de6962a2ed4e22af22ecab01d9fb1c460b2cf0d93c4e6591 The OpenSSF Package Analysis project identified 'invalid-polyfill-boolean' @ 99.0.9 npm as malicious. It is considered malicious because: - The...

7.1AI score

Exploits0