CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

104972 matches found

NVD•added 2026/05/25 5:16 p.m.•15 views

CVE-2026-9475

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...

10CVSS0.01909EPSS

Exploits0References5

EUVD•added 2026/05/25 4:45 p.m.•12 views

EUVD-2026-31708

10CVSS7AI score0.01909EPSS

Exploits0References5

EUVD•added 2026/05/25 4:30 p.m.•11 views

EUVD-2026-31707

A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirmloggedin of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched...

7.5CVSS6.8AI score0.00319EPSS

Exploits0References5

ATTACKERKB•added 2026/05/25 3:45 p.m.•7 views

CVE-2026-9471

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...

5.1CVSS4.3AI score0.00248EPSS

Exploits0References5

NVD•added 2026/05/25 3:16 p.m.•18 views

CVE-2026-9465

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible...

7.5CVSS0.00319EPSS

Exploits0References4

NVD•added 2026/05/25 3:16 p.m.•16 views

CVE-2018-25379

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS0.0039EPSS

Exploits0References3

NVD•added 2026/05/25 3:16 p.m.•16 views

CVE-2018-25372

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS0.00305EPSS

Exploits0References2

NVD•added 2026/05/25 3:16 p.m.•11 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS

Exploits0References3

NVD•added 2026/05/25 3:16 p.m.•10 views

CVE-2018-25371

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS0.00348EPSS

Exploits0References4

NVD•added 2026/05/25 3:16 p.m.•9 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00309EPSS

Exploits0References3

ATTACKERKB•added 2026/05/25 3:15 p.m.•7 views

CVE-2026-9469

A weakness has been identified in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. The impacted element is an unknown function of the file /success.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. T...

7.5CVSS5.7AI score0.00319EPSS

Exploits0References5

CVE•added 2026/05/25 3:15 p.m.•16 views

CVE-2026-9469

CVE-2026-9469 describes a SQL injection in yashpokharna2555 StudentManagementSystem, affecting an unknown function in /success.php where manipulating the User argument enables remote exploitation. The exploit is publicly available. The advisory notes a rolling-release workflow with no version det...

7.5CVSS6.9AI score0.00319EPSS

Exploits0References5

CVE•added 2026/05/25 2:15 p.m.•22 views

CVE-2026-9465

CVE-2026-9465 affects Tiandy Easy7 Integrated Management Platform 7.17.0. The vulnerability is in unknown code of /Easy7/apps/WebService/GetDBDataEx.jsp, where manipulating the argument strTBName results in SQL injection. Remote exploitation is possible and the exploit has been made public. The v...

7.5CVSS6.8AI score0.00319EPSS

Exploits0References4

CVE•added 2026/05/25 2:15 p.m.•19 views

CVE-2018-25379

CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...

8.8CVSS5.9AI score0.0039EPSS

Exploits0References3