204 matches found

CVE
added 2026/03/18 5:21 p.m., 5 views

CVE-2026-32611

CVE-2026-32611 describes a SQL injection in Glances’ DuckDB export module. The vulnerability arises because table/column names in DDL statements are interpolated from monitoring data via f-strings, while DuckDB INSERT values already use parameterized queries. The GHSA-x46r fix addressed Timescale...

CVSS 9.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 3, Affected Software: 1

GithubExploit
added 2026/03/18 4:16 p.m., 108 views

web-app-security-project

🛡️ Web Application Security Project 📌 Overview This projec...

AI score 5.9
Exploits: 0

OSV
added 2026/03/16 4:34 p.m., 2 views

GHSA-49G7-2WW7-3VF5 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Summary: The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module glances/exports/glancesduckdb/init.py was not included in this fix...

CVSS 7, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 5

Positive Technologies
added 2026/03/09 12:0 a.m., 4 views

PT-2026-24168

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.1. Description: Glances, a cross-platform system monitoring tool, contains a flaw in its TimescaleDB export module. The module builds SQL queries by concatenating strings with unverified system monitoring data. The...

CVSS 9.8, AI score 6.1, EPSS 0.00034
Exploits: 1, References: 17

Positive Technologies
added 2026/03/02 12:0 a.m., 2 views

PT-2026-22604

Name of the Vulnerable Software and Affected Versions: code-projects Simple Student Alumni System version 1.0. Description: The software contains a SQL Injection flaw in the /TracerStudy/recordteacher edit.php file. The vulnerability exists due to insufficient sanitization of user-supplied input. Th...

CVSS 9.8, AI score 6, EPSS 0.00049
Exploits: 1, References: 8

GithubExploit
added 2026/02/17 1:42 p.m., 246 views

Exploit for CVE-2025-4517

CVE-2025-4517-PoC VE-2025-451...

CVSS 9.4, AI score 5.5, EPSS 0.00403
Exploits: 11

Positive Technologies
added 2026/02/06 12:0 a.m., 4 views

PT-2026-6822

Name of the Vulnerable Software and Affected Versions: eLection version 2.0. Description: The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the id parameter. Exploitation can be performed using SQLMap,...

CVSS 7.1, AI score 6.5, EPSS 0.00028
Exploits: 0, References: 6

GithubExploit
added 2026/01/20 6:28 a.m., 138 views

security-antipatterns-javascript

Security Anti-Patterns for JavaScript AI coding agents don't...

AI score 6
Exploits: 0

Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-25849

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.3. Description: Glances, a system cross-platform monitoring tool, contains a SQL injection issue in the DuckDB export module. The TimescaleDB export module was previously fixed for SQL injection by using parameteriz...

CVSS 9.1, AI score 5.8, EPSS 0.00018
Exploits: 1, References: 24

Cvelist
added 2025/11/26 12:48 a.m., 4 views

CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)

PostgreSQL SQL Injection status_sql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The status_sql.php endpoint constructs...

CVSS 7.2, EPSS 0.00028
Exploits: 1, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2025-47337

Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4. Description: The Hospital Management System version 4 is susceptible to a SQL Injection issue within the admin-panel1.php file, specifically in the doctor deletion functionality. The application does not...

CVSS 6.5, AI score 7.5, EPSS 0.00042
Exploits: 1, References: 4

GithubExploit
added 2025/10/26 4:54 p.m., 101 views

sql_injection_analyzer

sql_injection_analyzer: This is a comprehensive educational t...

AI score 7.9
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-4539

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1685

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8, EPSS 0.00378
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-0465

Malicious code in bioql PyPI...

CVSS 10, AI score 7.9, EPSS 0.0035
Exploits: 0, References: 11

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2021-29050

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.0062
Exploits: 0, References: 2

OSV
added 2025/09/16 3:32 p.m., 0 views

GHSA-JMP9-X22R-554X Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, AI score 5.8, EPSS 0.00112
Exploits: 0, References: 6

NCSC
added 2025/09/16 1:38 p.m., 5 views

Vulnerabilities fixed in Spring Framework

VMWare has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unlimited generics. This can lead to authorization bypassing when using...

CVSS 7.5, AI score 6.9, EPSS 0.00112
Exploits: 0, References: 1

OSV
added 2025/09/16 11:15 a.m., 2 views

DEBIAN-CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, AI score 6.7, EPSS 0.00112
Exploits: 0, References: 1

NVD
added 2025/09/16 11:15 a.m., 1 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, EPSS 0.00112
Exploits: 0, References: 1