CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/21 5:10 p.m.•3 views

EUVD-2026-31313

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...

ATTACKERKB•added 2026/05/21 5:10 p.m.•2 views

CVE-2026-48233

Cvelist•added 2026/05/21 5:10 p.m.•30 views

CVE-2026-48232 Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter

7.1CVSS0.00027EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42511

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, ...

CNNVD•added 2026/05/21 12:0 a.m.•5 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the offset GET parameters in the ajax/fullsit-incidents.php file being directly...

Vulnrichment•added 2025/10/25 6:49 a.m.•4 views

Exploits0References1

CVE-2025-4203 wpForo Forum <= 2.4.8 - Unauthenticated SQL Injection via get_members Function

The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the getmembers function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'rowcount' parameters. The function blindly interpolates 'rowcount' into a...

7.5CVSS6.8AI score0.00069EPSS

NVD•added 2023/04/28 7:15 p.m.•11 views

CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...

7.5CVSS7.5AI score0.00129EPSS

OSV•added 2023/04/28 7:15 p.m.•0 views

CVE-2023-26021

7.5CVSS7.1AI score0.00129EPSS

CNNVD•added 2023/04/28 12:0 a.m.•1 views

IBM DB2 输入验证错误漏洞

IBM DB2 is a relational database management system from International Business Machines IBM. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from an input validation error vulnerability that stems from susceptibility to denial-of-service attacks,...

7.5CVSS7.2AI score0.00129EPSS

Exploits0References6

IBM Security Bulletins•added 2023/04/24 9:40 p.m.•39 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted SQL query using a LIMIT clause. Vulnerability Details CVEID:CVE-2023-26021 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of servic...

7.5CVSS7.5AI score0.00129EPSS

Exploits0Affected Software1

OSV•added 2021/12/09 8:15 p.m.•11 views

CVE-2021-43608

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other A...

9.8CVSS7.7AI score

UbuntuCve•added 2021/12/09 8:15 p.m.•18 views

CVE-2021-43608

9.8CVSS7.3AI score0.01352EPSS

Exploits0References2

OSV•added 2021/12/09 8:15 p.m.•1 views

UBUNTU-CVE-2021-43608

9.8CVSS7.3AI score0.01352EPSS

Cvelist•added 2021/12/09 7:2 p.m.•11 views

CVE-2021-43608

10AI score0.01352EPSS