CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/09 6:31 p.m.•2 views

EUVD-2025-209390

5.9AI score0.00044EPSS

Snyk•added 2026/04/09 6:9 p.m.•2 views

Cross-site Scripting (XSS)

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getInstance function when processing the gid parameter. An attacker can execute arbitrary JavaScript in the context of a logged-in user by...

6.1CVSS5.8AI score0.00044EPSS

Exploits1References2

CVE•added 2026/04/09 12:0 a.m.•4 views

CVE-2025-63238

CVE-2025-63238 is a reported Reflected Cross‑Site Scripting (XSS) in LimeSurvey prior to 6.15.11+250909. The vulnerability stems from missing validation of the gid parameter in getInstance() within application/models/QuestionCreate.php, allowing an attacker to craft a malicious URL that could com...

6.1CVSS5.9AI score0.00044EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/09 12:0 a.m.•2 views

CVE-2025-63238

5.9AI score0.00044EPSS

EUVD•added 2026/03/06 3:31 p.m.•1 views

EUVD-2018-21628

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

NVD•added 2026/03/06 1:15 p.m.•4 views

Exploits0References3

CVE-2018-25173

8.8CVSS0.00123EPSS

Vulnrichment•added 2026/03/06 12:19 p.m.•0 views

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

Cvelist•added 2026/03/06 12:19 p.m.•22 views

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

8.8CVSS0.00123EPSS

ATTACKERKB•added 2026/03/06 12:19 p.m.•1 views

CVE-2018-25173

Exploits0References2Affected Software1

Positive Technologies•added 2026/03/06 12:0 a.m.•4 views

PT-2026-23685

CNNVD•added 2026/03/06 12:0 a.m.•3 views

Exploits0References3

Rmedia SMS SQL注入漏洞

Rmedia SMS is a SMS gateway system developed by Ananditwiz. Version 1.0 of Rmedia SMS has a SQL injection vulnerability. This vulnerability stems from the gid parameter in the editgrp.php file, which allows for SQL injections, potentially leading to the extraction of database schemas and sensitiv...

RedhatCVE•added 2026/01/09 11:43 a.m.•4 views

CVE-2010-0377

SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a playgame action. NOTE: some of these details are obtained from third party information...

7.5CVSS8.8AI score0.00466EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-4797

Malware in sbrugna...

7.5CVSS6.4AI score0.00555EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2007-5085

Malware in sbrugna...

7.5CVSS6.1AI score0.0055EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 3:56 a.m.•4 views

CVE-2023-34751

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user=groups=edit...

9.8CVSS8.2AI score0.33243EPSS

Exploits1

OSV•added 2023/06/14 2:15 p.m.•12 views

CVE-2023-34751

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit...

9.8CVSS8.5AI score0.33243EPSS

NVD•added 2023/06/14 2:15 p.m.•10 views

CVE-2023-34751

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit...

9.8CVSS9.9AI score0.33243EPSS

ATTACKERKB•added 2023/06/14 2:15 p.m.•2 views

CVE-2023-34751

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit...

9.8CVSS7.4AI score0.33243EPSS