Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

80313 matches found

EUVD
EUVDadded 5 days ago6 views

EUVD-2018-21933

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References4
Cvelist
Cvelistadded 5 days ago25 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS0.00068EPSS
Exploits0References4
Cvelist
Cvelistadded 5 days ago24 views

CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS0.00026EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 5 days ago8 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00026EPSS
Exploits0References4Affected Software1
CVE
CVEadded 5 days ago11 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

7.1CVSS6.2AI score0.00026EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 5 days ago6 views

CVE-2018-25411 MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References4
Cvelist
Cvelistadded 5 days ago27 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS0.00068EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 5 days ago7 views

CVE-2018-25407 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.00068EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 5 days ago5 views

CVE-2018-25407

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.00068EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 5 days ago4 views

EUVD-2018-21929

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.00068EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 5 days ago5 views

CVE-2018-25405

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References4Affected Software1
CVE
CVEadded 5 days ago11 views

CVE-2018-25405

The CVE-2018-25405 entry describes SQL injection vulnerabilities in eNdonesia Portal 8.7. Specifically, unauthenticated attackers can inject SQL through mod.php parameters artid, cid, did, contid, and aboutid to retrieve sensitive data (usernames, database names, version details). Metrics show CV...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 5 days ago7 views

CVE-2018-25405 eNdonesia Portal 8.7 SQL Injection via mod.php

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters to extract...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References4
Cvelist
Cvelistadded 5 days ago37 views

CVE-2026-9757 GEO my WP <= 4.5.5 - Unauthenticated SQL Injection via 'swlatlng' / 'nelatlng' Parameters

The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters are read from $SERVER'QUERYSTRING' via parsestr bypassing WordPress's wpmagicquotes protection, which only covers...

7.5CVSS0.00087EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 5 days ago9 views

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

9.8CVSS5.9AI score0.00038EPSS
Exploits0References1
GithubExploit
GithubExploitadded 5 days ago40 views

exploit_db.md

e...

5.8AI score
Exploits0
Fedora
Fedoraadded 5 days ago9 views

[SECURITY] Fedora 44 Update: pdns-5.0.5-1.fc44

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only name server. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

8.6CVSS5.8AI score0.00024EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 5 days ago6 views

PT-2026-45116

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 5 days ago7 views

PT-2026-45119

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.00068EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 5 days ago6 views

PT-2026-45107

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

8.8CVSS6.2AI score0.00068EPSS
Exploits0References5
Rows per page
Query Builder