CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

82372 matches found

Positive Technologies•added 2026/02/23 12:0 a.m.•5 views

PT-2026-21478

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS6.3AI score0.00192EPSS

Exploits0References5

Positive Technologies•added 2026/02/23 12:0 a.m.•7 views

PT-2026-21544

Name of the Vulnerable Software and Affected Versions Valkey versions prior to 9.0.2 Valkey versions prior to 8.1.6 Valkey versions prior to 8.0.7 Valkey versions prior to 7.2.12 Description Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious...

8.5CVSS6.1AI score0.00415EPSS

Exploits0References55

Positive Technologies•added 2026/02/23 12:0 a.m.•4 views

PT-2026-21508

SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'...

9.3CVSS5.8AI score0.00323EPSS

Exploits0References2

CNNVD•added 2026/02/23 12:0 a.m.•6 views

MANANTIAL DE IDEAS Infoticketing SQL注入漏洞

MANANTIAL DE IDEAS Infoticketing is a one-stop ticketing system provided by the Spanish company MANANTIAL DE IDEAS. MANANTIAL DE IDEAS Infoticketing has a SQL injection vulnerability, which stems from improper handling of the code parameter in the components/cart/cartApplyDiscount.php file. This...

9.3CVSS5.9AI score0.00323EPSS

Exploits0References1

GithubExploit•added 2026/02/22 11:28 p.m.•525 views

Exploit for CVE-2025-67644

CVE-2025-67644 PoC – LangGraph SQLite Checkpoint SQL Injection...

7.3CVSS6.2AI score0.02073EPSS

Exploits2

NVD•added 2026/02/22 3:16 p.m.•4 views

CVE-2019-25462

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or...

8.8CVSS0.00262EPSS

Exploits0References3

NVD•added 2026/02/22 3:16 p.m.•7 views

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8CVSS0.00363EPSS

Exploits1References3

OSV•added 2026/02/22 3:16 p.m.•4 views

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

9.8CVSS5.9AI score

Exploits0References3

NVD•added 2026/02/22 3:16 p.m.•8 views

CVE-2019-25455

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...

8.8CVSS0.00397EPSS

Exploits1References3

Snyk•added 2026/02/22 2:58 p.m.•5 views

SQL Injection

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to SQL Injection via the elemid POST parameter. An attacker can extract sensitive database information or manipulate database queries by submitting special...

8.8CVSS6.1AI score0.00373EPSS

Exploits1References2

NVD•added 2026/02/22 2:16 p.m.•4 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

8.8CVSS0.00232EPSS

Exploits0References2

NVD•added 2026/02/22 2:16 p.m.•5 views

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

8.8CVSS0.00262EPSS

Exploits0References3

OSV•added 2026/02/22 2:16 p.m.•2 views

UBUNTU-CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

7.5CVSS6AI score0.0031EPSS

Exploits1References4

NVD•added 2026/02/22 2:15 p.m.•6 views

CVE-2019-25366

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

8.8CVSS0.00346EPSS

Exploits0References3

CVE•added 2026/02/22 2:12 p.m.•9 views

CVE-2019-25460

Affected software : Web Ofisi Platinum E-Ticaret v5. Vulnerability : SQL injection allowing unauthenticated attackers to manipulate queries via the 'q' GET parameter on the arama endpoint, using time-based techniques to extract data. Root cause / method : improper input handling enabling time-bas...

8.8CVSS5.9AI score0.00363EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/02/22 2:12 p.m.•3 views

CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

9.8CVSS5.7AI score0.00433EPSS

Exploits1References3

Cvelist•added 2026/02/22 2:12 p.m.•24 views

CVE-2019-25457 Web Ofisi Firma v13 SQL Injection via oz Parameter

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...

8.8CVSS0.00405EPSS

Exploits1References3

Vulnrichment•added 2026/02/22 2:12 p.m.•2 views

CVE-2019-25456 Web Ofisi Emlak v2 SQL Injection via ara Parameter

Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or...

9.1CVSS5.8AI score0.00464EPSS

Exploits1References3

ATTACKERKB•added 2026/02/22 2:12 p.m.•4 views

CVE-2019-25455

8.8CVSS5.9AI score0.00397EPSS

Exploits1References3Affected Software1

CVE•added 2026/02/22 1:43 p.m.•10 views

CVE-2019-25391

CVE-2019-25391 affects Ashop Shopping Cart Software and involves a time-based blind SQL injection via the blacklistitemid parameter in the admin/bannedcustomers.php endpoint. Attackers can send crafted POST requests containing SQL payloads that use SLEEP to infer data from the database. The vulne...

8.8CVSS5.8AI score0.00263EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by