CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 5 days ago•8 views

CVE-2026-10193

6.5CVSS6.4AI score0.00028EPSS

EUVD•added 5 days ago•7 views

EUVD-2026-33507

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE•added 5 days ago•9 views

Exploits0References6

CVE-2026-10185

SourceCodester Hospitals Patient Records Management System 1.0 contains a SQL injection in /classes/Users.php?f=save. The vulnerability arises from manipulating the ID argument, enabling remote exploitation. Public exploits are available. Exploit maturity is PROOF-OF-CONCEPT; CVSS metrics indicat...

ATTACKERKB•added 5 days ago•8 views

Exploits0References6

CVE-2026-10185

Exploits0References6Affected Software1

NVD•added 5 days ago•10 views

CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS0.00026EPSS

Exploits0References2

Cvelist•added 5 days ago•25 views

CVE-2026-49489 OpenCATS - SQL Injection in DataGrid sortDirection Parameter

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS0.00029EPSS

ATTACKERKB•added 5 days ago•15 views

CVE-2026-49489

8.5CVSS5.9AI score0.00029EPSS

Exploits0References3

Vulnrichment•added 5 days ago•5 views

CVE-2026-10171 code-projects Online Music Site AdminUpdateAlbum.php sql injection

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

5.8CVSS5.7AI score0.00027EPSS

Fedora•added 5 days ago•10 views

[SECURITY] Fedora 44 Update: netatalk-4.4.3-1.fc44

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...

9.9CVSS5.8AI score0.00256EPSS

Exploits0

Positive Technologies•added 5 days ago•9 views

PT-2026-45174

5.8CVSS5.7AI score0.00027EPSS

Exploits0References6

Positive Technologies•added 5 days ago•8 views

PT-2026-45195

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been...

Positive Technologies•added 5 days ago•5 views

Exploits0References7

PT-2026-45191

8.5CVSS5.9AI score0.00029EPSS

Positive Technologies•added 5 days ago•8 views

PT-2026-45197

A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit...

Positive Technologies•added 5 days ago•6 views

Exploits0References7

PT-2026-45196

Cvelist•added 6 days ago•30 views

Exploits0References7

CVE-2026-10155 Bdtask Multi-Store Inventory Management System Accounts Report Accounts.php accounts_report_search sql injection

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accountsreportsearch of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDat...

5.8CVSS0.00026EPSS

NVD•added 6 days ago•9 views

CVE-2018-25420

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

NVD•added 6 days ago•14 views

CVE-2018-25425

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers can send GET requests to index.php with crafted SQL payloads in the aid or cid parameters to extra...

NVD•added 6 days ago•14 views

CVE-2018-25419

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

NVD•added 6 days ago•16 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...