
1414 matches found

Cvelist
added 2026/02/08 3:2 a.m., 26 views

CVE-2026-2132 code-projects Online Music Site AdminUpdateCategory.php sql injection

A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can be executed remotely. The exploit has bee...

CVSS 7.5 | EPSS 0.00323
Exploits: 1 | References: 5

ATTACKERKB
added 2026/01/27 3:23 p.m., 4 views

CVE-2020-36951

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00297
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/01/20 8:48 p.m., 5 views

CVE-2026-21664

HackerOne community member Huynh Pham Thanh Luc nigh7c0r3 has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...

CVSS 6.1 | AI score 5.5 | EPSS 0.00163
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/01/09 3:32 p.m., 14 views

CVE-2026-0803

CVE-2026-0803 affects the PHPGurukul Online Course Registration System up to version 3.1. The vulnerability lies in the /enroll.php file where manipulating the parameters studentregno, Pincode, session, department, level, course, or sem enables SQL injection. The issue can be exploited remotely, ...

CVSS 8.8 | AI score 6.7 | EPSS 0.00368
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/01/06 1:13 p.m., 14 views

CVE-2026-0591

A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch t...

CVSS 6.5 | AI score 7.2 | EPSS 0.00315
Exploits: 1 | References: 1

OSV
added 2025/12/30 11:15 p.m., 6 views

CVE-2022-50789

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...

CVSS 7.8 | AI score 6 | EPSS 0.03744
Exploits: 2 | References: 5

NVD
added 2025/12/18 9:15 p.m., 3 views

CVE-2025-63950

An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b 2023-02-28. The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize function without validation...

CVSS 7.5 | EPSS 0.00437
Exploits: 1 | References: 2

CVE
added 2025/12/18 12:0 a.m., 9 views

CVE-2025-63950

The CVE describes an insecure deserialization vulnerability in the to3k Twittodon application, specifically in the download.php script where the obj parameter is base64-encoded data passed directly to unserialize() without validation. This allows a remote, unauthenticated attacker to inject arbit...

CVSS 7.5 | AI score 6.8 | EPSS 0.00437
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/12/14 3:30 a.m., 3 views

EUVD-2025-203274

A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/updatecnp.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 7.5 | AI score 7.2 | EPSS 0.00333
Exploits: 1 | References: 6

Packet Storm
added 2025/12/12 12:0 a.m., 130 views

📄 Desktop XDG 1.0 Code Execution

This proof of concept generates a malicious file that allows for arbitrary code execution in Desktop XDG version 1.0. Title: Desktop XDG v1.0 Malicious...

AI score 7.9
Exploits: 0

Positive Technologies
added 2025/12/10 12:0 a.m., 5 views

PT-2025-50528

Name of the Vulnerable Software and Affected Versions appRain CMF version 4.0.5 Description The application contains a remote code execution issue accessible to authenticated administrative users. An attacker can upload malicious PHP files through the filemanager upload endpoint. Successful...

CVSS 8.6 | AI score 8 | EPSS 0.00821
Exploits: 1 | References: 6

Packet Storm
added 2025/12/04 12:0 a.m., 146 views

📄 Azure APIM 2 Vulnerability Checker

This PHP script is a full vulnerability scanner with proof of concepts for Azure API Management APIM instances, focusing on the possibility of cross‑tenant account signup bypass through the Basic Auth Identity Provider...

AI score 7
Exploits: 0

NVD
added 2025/11/26 1:16 a.m., 6 views

CVE-2025-66261

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

CVSS 9.9 | EPSS 0.02011
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-18975

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00636
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-6717

Malware in sbrugna...

CVSS 8.6 | AI score 8.8 | EPSS 0.0207
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-8752

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.0305
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-3998

Malware in sbrugna...

CVSS 5 | AI score 6.2 | EPSS 0.01413
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2011-4653

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01304
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-9124

Malware in sbrugna...

CVSS 6.8 | AI score 6.7 | EPSS 0.00397
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-2498

Malware in sbrugna...

CVSS 6.4 | AI score 6.4 | EPSS 0.01845
Exploits: 0 | References: 10