82372 matches found

Vulnrichment
added 2026/02/22 1:43 p.m. | 4 views

CVE-2019-25391 Ashop Shopping Cart Software Lastest Latest SQL Injection via bannedcustomers.php

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functio...

CVSS 8.8 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/22 1:43 p.m. | 5 views

CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

CVSS 8.8 | AI score 6.1 | EPSS 0.00346
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/22 1:43 p.m. | 5 views

CVE-2019-25366

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

CVSS 8.8 | AI score 6.3 | EPSS 0.00346
Exploits: 0 | References: 3

Cvelist
added 2026/02/22 1:43 p.m. | 28 views

CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

CVSS 8.8 | EPSS 0.00346
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/22 1:34 p.m. | 7 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

CVSS 8.8 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 2

CVE
added 2026/02/22 1:34 p.m. | 11 views

CVE-2019-25440

CVE-2019-25440 — WebIncorp ERP suffers an unauthenticated SQL injection via the prod_id parameter in product_detail.php, enabling attackers to manipulate queries and potentially extract sensitive data. The vulnerability is triggered by GET requests with malicious prod_id values. Public references...

CVSS 8.8 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/22 1:34 p.m. | 4 views

CVE-2019-25433 XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

CVSS 8.8 | AI score 5.7 | EPSS 0.00262
Exploits: 0 | References: 3

ATTACKERKB
added 2026/02/22 1:34 p.m. | 7 views

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

CVSS 8.8 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/22 1:18 p.m. | 4 views

CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...

CVSS 8.8 | AI score 6.1 | EPSS 0.00373
Exploits: 1 | References: 2

Cvelist
added 2026/02/22 1:18 p.m. | 28 views

CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 SQL Injection via elemid

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...

CVSS 8.8 | EPSS 0.00373
Exploits: 1 | References: 2

Vulnrichment
added 2026/02/22 1:18 p.m. | 1 view

CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 SQL Injection via card.php

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.5 | AI score 5.7 | EPSS 0.0031
Exploits: 1 | References: 2

CVE
added 2026/02/22 1:18 p.m. | 13 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints (parameters such as actioncode, demand_reason_id, availability_id) that allow authenticated attackers to manipulate queries and extract sensitive data. The flaw enables boolean-based blind, error-based, and time-...

CVSS 7.5 | AI score 5.9 | EPSS 0.0031
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/22 1:18 p.m. | 6 views

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

CVSS 8.8 | AI score 6 | EPSS 0.00232
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/22 1:18 p.m. | 5 views

CVE-2019-25442

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

CVSS 8.8 | AI score 5.9 | EPSS 0.0038
Exploits: 1 | References: 2 | Affected Software: 1

GithubExploit
added 2026/02/22 10:22 a.m. | 169 views

Exploit for CVE-2025-69295

CVE-2025-69295 — TeconceTheme Coven Core Blind SQL Injection Vul...

AI score 6.1 | EPSS 0.0041
Exploits: 2

GithubExploit
added 2026/02/22 8:46 a.m. | 152 views

SQLi-Exfiltration-Lab

SQL Injection SQLi - Database Exfiltration Lab Overview...

AI score 6.1
Exploits: 0

RedhatCVE
added 2026/02/22 1:28 a.m. | 6 views

CVE-2019-25451

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVSS 8.8 | AI score 5.3 | EPSS 0.00319
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/22 1:28 a.m. | 6 views

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

CVSS 5.3 | AI score 5.2 | EPSS 0.0013
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/22 1:28 a.m. | 4 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

CVSS 8.8 | AI score 6.4 | EPSS 0.00478
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/22 1:27 a.m. | 7 views

CVE-2019-25432

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 1