CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

87 matches found

Positive Technologies•added 2026/04/20 12:0 a.m.•1 views

PT-2026-33690

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus id leads to sql...

7.5CVSS6.8AI score0.0004EPSS

Exploits0References5

CVE•added 2026/03/24 11:11 p.m.•4 views

CVE-2026-4781

CVE-2026-4781 affects SourceCodester Sales and Inventory System 1.0, specifically the update_purchase.php file’s HTTP GET parameter sid. The root cause is manipulation of sid leading to SQL injection, enabling remote exploitation. Multiple sources confirm the flaw and indicate an exploit has been...

8.8CVSS6.4AI score0.00037EPSS

Exploits1References5Affected Software1

CVE•added 2026/03/24 11:11 p.m.•4 views

CVE-2026-4780

CVE-2026-4780 affects SourceCodester Sales and Inventory System 1.0. The vulnerability is in the HTTP GET Parameter Handler of the file update_out_standing.php, where manipulating the sid argument enables a SQL injection. This can be carried out remotely, and public exploits exist. Multiple sourc...

8.8CVSS6.4AI score0.00037EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/01/19 10:32 p.m.•13 views

CVE-2026-1179 Yonyou KSOA HTTP GET Parameter user_popedom.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

7.5CVSS0.00048EPSS

Exploits0References4

Positive Technologies•added 2026/01/19 12:0 a.m.•4 views

PT-2026-3512

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may b...

7.5CVSS5.4AI score0.00048EPSS

Exploits0References5

Positive Technologies•added 2026/01/19 12:0 a.m.•3 views

PT-2026-3408

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the processing of the file '/worksheet/worksadd plan.jsp' within the HTTP GET Parameter Handler component. Manipulation of the ID argument can lead to SQL injectio...

9.8CVSS7.2AI score0.00015EPSS

Exploits0References10

Cvelist•added 2026/01/18 3:2 p.m.•24 views

CVE-2026-1123 Yonyou KSOA HTTP GET Parameter work_mod.jsp sql injection

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available an...

7.5CVSS0.00015EPSS

Exploits0References4

CVE•added 2026/01/18 3:2 p.m.•11 views

CVE-2026-1123

CVE-2026-1123 affects Yonyou KSOA 9.0. The vulnerability is in an unknown function of the file /worksheet/work_mod.jsp under the HTTP GET Parameter Handler; manipulating the ID parameter can cause SQL injection. The attack can be launched remotely and there are publicly available exploits. Multip...

9.8CVSS6.6AI score0.00015EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/01/18 1:32 p.m.•19 views

CVE-2026-1121 Yonyou KSOA HTTP GET Parameter del_workplan.jsp sql injection

A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/delworkplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public an...

7.5CVSS0.00015EPSS

Exploits0References4

RedhatCVE•added 2026/01/07 9:33 a.m.•4 views

CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress aka Broken Link Checker is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS...

6.1CVSS6.2AI score0.00266EPSS

Exploits1References1

CVE•added 2026/01/02 2:32 a.m.•9 views

CVE-2025-15424

CVE-2025-15424 affects Yonyou KSOA 9.0, specifically an SQL injection in the HTTP GET parameter handler for the file /worksheet/agent_worksdel.jsp via manipulation of the ID argument. The vulnerability enables remote exploitation and has publicly available exploits/PoC. Multiple sources confirm t...

9.8CVSS7.1AI score0.00024EPSS

Exploits1References6Affected Software1

Vulnrichment•added 2026/01/02 1:2 a.m.•4 views

CVE-2025-15421 Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agentworksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publ...

7.5CVSS6.8AI score0.0002EPSS

Exploits1References5

Positive Technologies•added 2026/01/02 12:0 a.m.•9 views

PT-2026-1043

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A SQL injection issue exists in Yonyou KSOA 9.0 due to manipulation of the ID argument within the HTTP GET parameter handler of the /worksheet/agent worksdel.jsp file. Remote exploitation is possible. The...

7.5CVSS7.1AI score0.00024EPSS

Exploits1References14