3894 matches found

CNVD
added 2025/12/01 12:0 a.m., 1 view

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-948730)

Beijing Shenzhou Vision Han Technology Co. Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits 0
RedhatCVE
added 2025/11/25 2:16 p.m., 3 views

CVE-2025-65998

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

CVSS 7.5, AI score 6.8, EPSS 0.0044
Exploits 0, References 1
Snyk
added 2025/11/24 2:40 p.m., 3 views

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing the internal database content, as the encryption key is hard-coded and publicly known. Note:...

CVSS 7.5, AI score 6.7, EPSS 0.0044
Exploits 0, References 2
CNVD
added 2025/11/20 12:0 a.m., 2 views

Nero Social Networking Site friendsphoto.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendsphoto.php. An attacker can exploit this vulnerability t...

CVSS 9.8, AI score 7.8, EPSS 0.00385
Exploits 1, References 1
CNVD
added 2025/11/20 12:0 a.m., 3 views

Responsive Hotel Site usersetting.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter usname in the file /admin/usersetting.php. An attacker can exploit this...

CVSS 9.8, AI score 8.2, EPSS 0.00333
Exploits 1, References 1
CNVD
added 2025/11/20 12:0 a.m., 4 views

Small CRM change-password.php File SQL Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the oldpass parameter of change-password.php. This vulnerability can be exploited by an attacker to execute...

CVSS 6.5, AI score 8.3, EPSS 0.0021
Exploits 1, References 1
CVE
added 2025/11/19 4:41 p.m., 12 views

CVE-2025-12743

CVE-2025-12743 affects Looker: the project-generation endpoint (creating new projects from database connections) accepts a reserved internal name "looker" and the schemas parameter is vulnerable to SQL injection. This allows users with developer permissions to manipulate SELECT queries against Lo...

CVSS 6, AI score 7, EPSS 0.0024
Exploits 0, References 2
OSV
added 2025/11/18 12:15 p.m., 3 views

CVE-2025-41348

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by sending a POST request using the parameters 'val1' and 'cont' in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

CVSS 9.8, AI score 5.9, EPSS 0.00456
Exploits 0, References 1
Vulnrichment
added 2025/11/17 2:48 a.m., 5 views

CVE-2025-10460 Unsanitized parameter input leading to SQL Injection vulnerability

A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...

CVSS 9.4, AI score 7.7, EPSS 0.00246
Exploits 0, References 2
CNVD
added 2025/11/14 12:0 a.m., 1 view

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-851224)

Beijing Shenzhou Vision Han Technology Co. Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits 0
CNVD
added 2025/11/13 12:0 a.m., 1 view

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-848882)

Beijing Shenzhou Vision Han Technology Co. Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits 0
Cvelist
added 2025/11/12 7:59 a.m., 7 views

CVE-2025-13047

...

EPSS 0.00064
Exploits 0
CNVD
added 2025/11/12 12:0 a.m., 6 views

Responsive Hotel Site reservation.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/reservation.php. An attacker can exploit this vulnerabilit...

CVSS 9.8, AI score 8.2, EPSS 0.00333
Exploits 1, References 1
CVE
added 2025/11/11 8:20 p.m., 6 views

CVE-2024-32010

CVE-2024-32010 affects Siemens Spectrum Power 4 (versions before 4.70 SP12 Update 2). Affected component: world-readable credential file exposing database credentials, enabling a privileged application user to connect to the database and execute system commands. Additional context from connected ...

CVSS 8.5, AI score 6.7, EPSS 0.00102
Exploits 0, References 1
EUVD
added 2025/11/11 8:20 p.m., 3 views

EUVD-2024-29848

A vulnerability has been identified in Spectrum Power 4 (all versions before V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...

CVSS 8.5, AI score 6.5, EPSS 0.00102
Exploits 0, References 2
RedhatCVE
added 2025/11/10 5:22 a.m., 2 views

CVE-2025-12914

A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 5.8, AI score 5.1, EPSS 0.00222
Exploits 0, References 1
CVE
added 2025/11/10 2:19 a.m., 14 views

CVE-2025-12865

U-Office Force by e-Excellence is affected by a SQL Injection vulnerability stemming from unvalidated input, enabling an authenticated remote attacker to read, modify, and delete database contents. CVSS metrics indicate high impact to confidentiality, integrity, and availability. No remediation o...

CVSS 8.8, AI score 7.8, EPSS 0.00314
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/11/10 12:0 a.m., 5 views

e-Excellence U-Office Force SQL Injection Vulnerability

e-Excellence U-Office Force is an e-Office platform from China-based First Class Technology e-Excellence. The e-Excellence U-Office Force suffers from a SQL injection vulnerability that originates from allowing an authenticated, remote attacker to inject arbitrary SQL commands that could result i...

CVSS 8.8, AI score 8.1, EPSS 0.00314
Exploits 0, References 2
CNVD
added 2025/11/10 12:0 a.m., 2 views

Dell CloudLink Elevation of Privilege Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. An elevation of privilege vulnerability exists in Dell CloudLink, which could be exploited by an attacker to gain access to a database and obtain confidential information...

CVSS 6.7, AI score 7.2, EPSS 0.00113
Exploits 0, References 1
EUVD
added 2025/11/09 12:30 a.m., 3 views

EUVD-2025-38377

A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 5.8, AI score 6.5, EPSS 0.00222
Exploits 0, References 5