CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/29 7:7 p.m.•7 views

GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1CVSS5.8AI score0.00017EPSS

Exploits0References2

NVD•added 2026/05/29 6:16 p.m.•10 views

CVE-2026-10105

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

8.7CVSS0.00309EPSS

Exploits0References5

Snyk•added 2026/05/29 5:22 p.m.•6 views

SQL Injection

Overview bolt/bolt is a sophisticated, lightweight & simple CMS. Affected versions of this package are vulnerable to SQL Injection via the order parameter in content listing pages through the OrderDirective component. An attacker can extract sensitive information from the database by injecting...

8.8CVSS5.9AI score0.00241EPSS

Exploits0References2

Cvelist•added 2026/05/29 4:18 p.m.•34 views

CVE-2026-10105 agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()

8.7CVSS0.00309EPSS

Exploits0References5

NVD•added 2026/05/29 4:16 p.m.•7 views

CVE-2018-25401

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to severgraph.php with crafted SQL payloads to extract sensitive databas...

NVD•added 2026/05/29 4:16 p.m.•9 views

CVE-2018-25402

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

NVD•added 2026/05/29 4:16 p.m.•9 views

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE•added 2026/05/29 2:46 p.m.•10 views

CVE-2018-25404

The Open ISES Project 3.30A is affected by an SQL injection in add_facnote.php accessed via the ticket_id parameter. Unauthenticated attackers can send crafted GET requests to extract sensitive data (e.g., database version/details), exposing confidentiality and potentially other data. The vulnera...

8.8CVSS6.1AI score0.0027EPSS

CVE•added 2026/05/29 2:46 p.m.•12 views

CVE-2018-25394

Kados R10 GreenBee contains an SQL injection in boards_buttons/update_release.php via the release_id parameter. The release_id value is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send a crafted GET request (Union-based payload) to extract...

8.8CVSS6.1AI score0.00334EPSS

CVE•added 2026/05/29 2:46 p.m.•13 views

CVE-2018-25390

HaPe PKH 1.1 is affected by an SQL injection via the desa POST parameter sent to lap-peserta-perdesa-pdf.php. The vulnerability allows unauthenticated attackers to manipulate database queries, using a crafted time-based blind payload to infer and extract sensitive information. The connected docum...

EUVD•added 2026/05/29 2:46 p.m.•8 views

EUVD-2018-21912

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind payload to infer and...

Vulnrichment•added 2026/05/29 2:46 p.m.•8 views

CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

Cvelist•added 2026/05/29 2:46 p.m.•28 views

CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter

NVD•added 2026/05/29 2:16 p.m.•14 views

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.8CVSS0.00289EPSS

Exploits0References1

RedhatCVE•added 2026/05/29 2:12 p.m.•7 views

CVE-2026-41125

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS7.1AI score0.00155EPSS

Exploits0References1

Vulnrichment•added 2026/05/29 6:58 a.m.•8 views

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

7.1CVSS6AI score0.00224EPSS

Exploits0References1

CNNVD•added 2026/05/29 12:0 a.m.•9 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the desa POST parameter, allowing unauthenticated attacke...