
25 matches found

Positive Technologies
added 2026/04/02 12:0 a.m., 2 views

PT-2026-29745

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

CVSS 7.5, AI score 6.8, EPSS 0.00371
Exploits: 1, References: 6

NVD
added 2026/03/27 6:16 p.m., 3 views

CVE-2026-4966

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

CVSS 6.5, EPSS 0.0025
Exploits: 0, References: 5

NVD
added 2026/02/21 8:16 a.m., 8 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, EPSS 0.0048
Exploits: 2, References: 4

CVE
added 2026/02/21 8:5 a.m., 65 views

CVE-2026-27470

ZoneMinder (versions 1.36.37 and earlier; 1.37.61–1.38.0) contains a second‑order SQL Injection in web/ajax/status.php:getNearEvents(). Although event fields Name and Cause are stored via parameterized queries, they are concatenated into SQL WHERE clauses without escaping, allowing an authenticat...

CVSS 8.8, AI score 6.4, EPSS 0.0048
Exploits: 2, References: 4, Affected Software: 1

Vulnrichment
added 2026/02/21 8:5 a.m., 5 views

CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.2, EPSS 0.0048
Exploits: 2, References: 4

AlpineLinux
added 2026/02/21 8:5 a.m., 4 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.4, EPSS 0.0048
Exploits: 2

CNVD
added 2025/11/18 12:0 a.m., 3 views

Inventory Management System ID Parameter SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that stems from improper handling of the ID parameter in the /admin/products/index.php?view=edit file. No details of the vulnerability are available at this time...

CVSS 9.8, AI score 8.1, EPSS 0.00282
Exploits: 1, References: 1

Cvelist
added 2025/11/17 1:32 a.m., 11 views

CVE-2025-13257 itsourcecode Inventory Management System index.php sql injection

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVSS 7.5, EPSS 0.00339
Exploits: 1, References: 5

Vulnrichment
added 2025/11/17 1:32 a.m., 3 views

CVE-2025-13257 itsourcecode Inventory Management System index.php sql injection

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...

CVSS 7.5, AI score 7.2, EPSS 0.00339
Exploits: 1, References: 5

EUVD
added 2025/11/16 6:31 a.m., 7 views

EUVD-2025-197714

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 6.5, AI score 6.6, EPSS 0.00282
Exploits: 1, References: 6

OSV
added 2025/11/16 4:15 a.m., 5 views

CVE-2025-13236

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 9.8, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 5

Cvelist
added 2025/11/16 4:2 a.m., 9 views

CVE-2025-13236 itsourcecode Inventory Management System index.php sql injection

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 6.5, EPSS 0.00282
Exploits: 1, References: 5

Vulnrichment
added 2025/11/16 4:2 a.m., 3 views

CVE-2025-13236 itsourcecode Inventory Management System index.php sql injection

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 6.5, AI score 6.4, EPSS 0.00282
Exploits: 1, References: 5

Positive Technologies
added 2025/11/16 12:0 a.m., 5 views

PT-2025-47070

Name of the Vulnerable Software and Affected Versions: itsourcecode Inventory Management System version 1.0. Description: A flaw exists in itsourcecode Inventory Management System 1.0 that allows for remote SQL injection. The issue is located in the file /admin/products/index.php?view=edit,...

CVSS 6.5, AI score 6.8, EPSS 0.00282
Exploits: 1, References: 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31456

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.5, EPSS 0.00376
Exploits: 1, References: 6

RedhatCVE
added 2025/09/29 1:31 a.m., 9 views

CVE-2025-11090

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Affected is an unknown function of the file /admin/employee/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVSS 6.5, AI score 7.1, EPSS 0.00303
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 12:45 a.m., 6 views

CVE-2022-46651

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...

CVSS 6.5, AI score 6.5, EPSS 0.00886
Exploits: 0, References: 1

OSV
added 2024/03/06 10:55 a.m., 18 views

BIT-AIRFLOW-2022-46651 Apache Airflow: Security vulnerability on AirFlow Connections

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...

CVSS 6.5, AI score 6.2, EPSS 0.00886
Exploits: 0, References: 3

Github Security Blog
added 2023/07/12 12:31 p.m., 35 views

Apache Airflow information disclosure vulnerability

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...

CVSS 6.5, AI score 6.7, EPSS 0.00886
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2023/07/12 10:15 a.m., 21 views

CVE-2022-46651

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...

CVSS 6.5, AI score 6.4, EPSS 0.00886
Exploits: 0, References: 2