CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

82392 matches found

CVE•added 2026/03/12 3:36 p.m.•11 views

CVE-2019-25527

CVE-2019-25527 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the numguest parameter, exploitable by sending crafted POST requests to the /search/searchdetailed endpoint. It is described as allowing unauthenticated attackers to manipulate queries, potentia...

9.1CVSS5.9AI score0.00409EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25526

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

8.8CVSS5.9AI score0.00346EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

8.8CVSS5.9AI score0.00346EPSS

Exploits1References2

Cvelist•added 2026/03/12 3:36 p.m.•26 views

CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

8.8CVSS0.00346EPSS

Exploits1References2

Vulnrichment•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 SQL Injection via search

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00409EPSS

Exploits1References2

ATTACKERKB•added 2026/03/12 3:36 p.m.•4 views

CVE-2019-25524

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS

Exploits1References2

CVE•added 2026/03/12 3:36 p.m.•9 views

CVE-2019-25523

CVE-2019-25523 affects XooGallery Latest. The issue is an SQL injection in the cat_id parameter passed to cat.php, allowing unauthenticated attackers to influence database queries (bypass auth, extract/modify data) via GET requests. Root cause is unsanitized user input in SQL queries. The connect...

9.1CVSS5.9AI score0.00393EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/12 3:36 p.m.•3 views

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

8.8CVSS5.9AI score0.00393EPSS

Exploits1References2

Cvelist•added 2026/03/12 3:36 p.m.•26 views

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

8.8CVSS0.00393EPSS

Exploits1References2

Vulnrichment•added 2026/03/12 3:36 p.m.•3 views

CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

8.8CVSS5.9AI score0.00358EPSS

Exploits1References2

ATTACKERKB•added 2026/03/12 3:36 p.m.•3 views

CVE-2019-25522

8.8CVSS5.9AI score0.00358EPSS

Exploits1References2

CVE•added 2026/03/12 3:36 p.m.•11 views

CVE-2019-25522

CVE-2019-25522 affects XooGallery Latest, where the vulnerability is an unauthenticated SQL injection in the photo_id parameter passed to photo.php. The root cause is unsafely constructed SQL queries via the photo_id input, enabling attackers to manipulate database queries and potentially extract...

9.1CVSS5.9AI score0.00358EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/12 3:36 p.m.•7 views

CVE-2019-25521

Summary: CVE-2019-25521 is an SQL injection vulnerability in the XooGallery Latest component that allows unauthenticated attackers to manipulate database queries via the gal_id parameter in gal.php. The issue is triggered by crafting malicious gal_id values in GET requests to extract sensitive da...

9.1CVSS5.9AI score0.00287EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/12 3:36 p.m.•25 views

CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

8.8CVSS0.00287EPSS

Exploits1References2

CVE•added 2026/03/12 3:36 p.m.•6 views

CVE-2019-25520

CVE-2019-25520 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. The administrative login in admingiris.php is vulnerable to authentication bypass via improper SQL query validation, enabling unauthenticated attackers to bypass login and access the admin interface. Attackers can submit SQL inject...

9.8CVSS5.8AI score0.00432EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/12 3:36 p.m.•22 views

CVE-2019-25519 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...

8.8CVSS0.00265EPSS

Exploits1References2

CVE•added 2026/03/12 3:36 p.m.•6 views

CVE-2019-25519

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability in the option parameter of uyelik.php, enabling time-based injections to extract sensitive data via crafted POST requests. Attacker access is described without authentication; CVSS notes high impact on confidentiali...

8.8CVSS6AI score0.00265EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/12 3:36 p.m.•2 views

CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via haberarsiv.php

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...

8.8CVSS5.9AI score0.00451EPSS

Exploits1References2

CVE•added 2026/03/12 3:36 p.m.•6 views

CVE-2019-25518

CVE-2019-25518 affects Jettweb PHP Hazir Haber Sitesi Scripti V1. An SQL injection flaw lets unauthenticated attackers inject SQL via the poll parameter in arama.php, enabling extraction or modification of database data. Root cause is unsafely constructed queries exposed to user input. Impact—hig...

8.8CVSS5.9AI score0.0036EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/12 3:36 p.m.•5 views

CVE-2019-25517

8.8CVSS5.9AI score0.00451EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by