CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•9 views

CVE-2026-10252

The CVE-2026-10252 entry concerns itsourcecode Online House Rental System 1.0. A vulnerability exists in an unknown function of /manage_tenant.php where manipulation of the ID parameter leads to SQL injection. Attacks can be initiated remotely, and the exploit has been publicly disclosed and may ...

7.5CVSS6.9AI score0.00033EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-33626

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS6.9AI score0.00033EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2026-10251 itsourcecode Online House Rental System ajax.php login sql injection

7.5CVSS6.9AI score0.00033EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-33625

A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out...

7.5CVSS5.7AI score0.00033EPSS

ATTACKERKB•added 6 days ago•8 views

CVE-2026-25600

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS5.8AI score0.00007EPSS

NVD•added 6 days ago•7 views

CVE-2026-10237

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

5.8CVSS0.00032EPSS

Vulnrichment•added 6 days ago•7 views

CVE-2026-40546 Multiple SQL Injections in SOPlanning

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...

8.7CVSS6AI score0.0003EPSS

EUVD•added 6 days ago•9 views

EUVD-2026-33612

8.8CVSS6AI score0.00067EPSS

Cvelist•added 6 days ago•26 views

CVE-2026-40546 Multiple SQL Injections in SOPlanning

8.7CVSS0.0003EPSS

CVE•added 6 days ago•11 views

CVE-2026-40546

SOPlanning (affected versions 1.55 and earlier) is vulnerable to SQL Injection across multiple endpoints and parameters. An attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control of the database. This is documented under CVE-2026-40546; related CVEs descr...

8.7CVSS6AI score0.0003EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2026-10242 itsourcecode Content Management System instructions.php sql injection

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

6.5CVSS5.7AI score0.00033EPSS

Nuclei•added 6 days ago•166 views

MOVEit Transfer - Remote Code Execution

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

9.8CVSS7.4AI score0.94254EPSS

Exploits15References5

Nuclei•added 6 days ago•173 views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...

9.8CVSS7.3AI score0.91045EPSS

Exploits3References3

Cvelist•added 6 days ago•38 views

CVE-2026-10227 raisulislamg4 student_management_system_by_php User Creation add_user_check.php sql injection

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS0.00033EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-33552

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

ATTACKERKB•added 6 days ago•7 views

CVE-2026-48188

Exploits0References2Affected Software2

Cvelist•added 6 days ago•37 views

CVE-2026-48188 SQL Injection via MySQL Quote Method

9.1CVSS0.00074EPSS

CVE•added 6 days ago•23 views

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

Vulnrichment•added 6 days ago•6 views

CVE-2026-48188 SQL Injection via MySQL Quote Method