CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

443 matches found

Vulnrichment•added 2026/02/05 3:25 p.m.•4 views

CVE-2020-37151 phpMyChat Plus 1.98 'deluser.php' SQL Injection

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

8.8CVSS5.6AI score0.00092EPSS

Exploits1References3

Cvelist•added 2026/02/03 10:1 p.m.•24 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS0.0013EPSS

Exploits1References3

CVE•added 2026/02/03 10:1 p.m.•6 views

CVE-2020-37076

Victor CMS 1.0 is affected by a SQL injection in the post parameter of post.php. The vulnerability allows remote attackers to manipulate database queries using crafted UNION SELECT payloads to extract information via boolean-based, error-based, and time-based techniques. Reported across multiple ...

8.8CVSS5.8AI score0.0013EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/02/03 10:1 p.m.•2 views

CVE-2020-37076

8.8CVSS5.8AI score0.0013EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/02/03 10:1 p.m.•1 views

CVE-2020-37076 Victor CMS 1.0 - 'post' SQL Injection

8.8CVSS5.7AI score0.0013EPSS

Exploits1References3

CVE•added 2026/02/03 4:52 p.m.•8 views

CVE-2020-37112

CVE-2020-37112 affects GUnet OpenEclass 1.7.3. The provided documents describe multiple SQL injection vulnerabilities in the agenda module and other endpoints, exploitable by authenticated attackers to manipulate queries and extract sensitive data via error-based or time-based techniques (via the...

7.1CVSS5.6AI score0.00065EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/02/03 4:52 p.m.•2 views

CVE-2020-37112 GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

7.1CVSS5.6AI score0.00065EPSS

Exploits1References4

Positive Technologies•added 2026/02/03 12:0 a.m.•2 views

PT-2026-5827

8.8CVSS5.9AI score0.0013EPSS

Exploits1References4

Positive Technologies•added 2026/02/03 12:0 a.m.•4 views

PT-2026-5857

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...

7.1CVSS5.6AI score0.00065EPSS

Exploits1References6

NVD•added 2026/01/15 4:16 p.m.•1 views

CVE-2021-47766

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

7.1CVSS0.00016EPSS

Exploits0References2

EUVD•added 2026/01/15 3:52 p.m.•1 views

EUVD-2026-2773

7.1CVSS7.3AI score0.00016EPSS

Exploits0References4

ATTACKERKB•added 2026/01/15 12:0 a.m.•4 views

CVE-2025-67082

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

6.5CVSS6AI score0.00047EPSS

Exploits1References3

Positive Technologies•added 2026/01/15 12:0 a.m.•2 views

PT-2026-3026

Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...

6.5CVSS7.4AI score0.00047EPSS

Exploits1References4

RedhatCVE•added 2026/01/14 11:18 p.m.•1 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS7.7AI score0.00066EPSS

Exploits1References1

NVD•added 2026/01/13 11:15 p.m.•1 views

CVE-2022-50895

9.8CVSS0.00066EPSS

Exploits1References4

OSV•added 2026/01/13 11:15 p.m.•0 views

CVE-2022-50895

9.8CVSS5.9AI score

Exploits0References4

GithubExploit•added 2026/01/03 8:15 p.m.•225 views

Exploit for Code Injection in Symfony Twig

Successful Errors: New Code Injection and SSTI Techniques !R...

9.8CVSS8.5AI score0.89929EPSS

Exploits7

OSV•added 2025/12/22 10:16 p.m.•0 views

CVE-2023-53972

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...

7.5CVSS5.8AI score

Exploits0References3

NVD•added 2025/12/22 10:16 p.m.•3 views

CVE-2023-53972

9.3CVSS0.00055EPSS

Exploits1References3

Vulnrichment•added 2025/12/22 9:35 p.m.•1 views

CVE-2023-53972 WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter

9.3CVSS7.4AI score0.00055EPSS

Exploits1References3

Rows per page