CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

376 matches found

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

7.5CVSS5.4AI score0.00033EPSS

Exploits0References1

CVE•added 2026/05/04 12:45 a.m.•4 views

CVE-2026-7716

CVE-2026-7716 describes an SQL injection in the Gym Management System (code-projects) for PHP on Windows NT 1.0, via manipulation of the day parameter in /index.php. The exact vulnerable component and file are /index.php; the root cause is improper handling of user input leading to SQL injection....

6.5CVSS6.5AI score0.00031EPSS

Exploits0References5

Packet Storm•added 2026/04/29 12:0 a.m.•33 views

📄 School Management System PHP 1.0.0 Cross Site Scripting

School Management System PHP version 1.0.0 suffers from a persistent cross site scripting vulnerability that can lead to administrative account takeover. ==================================================== School Management System PHP - Stored XSS leading to Admin Account Takeover...

5AI score

Exploits0

NVD•added 2026/04/05 4:16 a.m.•3 views

CVE-2026-5537

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

6.5CVSS0.00011EPSS

Exploits0References4

CVE•added 2026/01/19 6:42 p.m.•6 views

CVE-2026-23843

Summary: CVE-2026-23843 affects the teklifolustur_app PHP web app. An IDOR vulnerability exists in the offer view function: authenticated users can modify the offer_id to access offers owned by others due to missing authorization checks. The issue is mitigated by the patch introduced in commit dd...

7.1CVSS5.5AI score0.00051EPSS

Exploits0References2

OSV•added 2025/12/18 8:16 a.m.•0 views

CVE-2025-58947

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through = 1.9...

8.2CVSS5.8AI score

Exploits0References1

NVD•added 2025/12/05 4:15 p.m.•1 views

CVE-2025-14091

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possib...

7.5CVSS0.00026EPSS

Exploits0References4

Cvelist•added 2025/10/27 12:0 a.m.•4 views

CVE-2025-61247

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

0.00035EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-0598

Malware in sbrugna...

7.5CVSS7.4AI score0.00589EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2004-2579

Malware in sbrugna...

5CVSS6.4AI score0.00661EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2012-1657

Malware in sbrugna...

4.3CVSS6.4AI score0.0067EPSS

Exploits1References10

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-34543