CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/22 3:16 p.m.•1 views

CVE-2019-25460

7.5CVSS5.9AI score

Vulnrichment•added 2026/02/22 2:12 p.m.•2 views

CVE-2019-25461 Web Ofisi Platinum E-Ticaret v5 SQL Injection via ajax/productsFilterSearch

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

8.8CVSS5.7AI score0.00106EPSS

CVE•added 2026/02/22 2:12 p.m.•5 views

CVE-2019-25461

Web Ofisi Platinum E-Ticaret v5 yields an SQL injection via the ajax/productsFilterSearch endpoint. Unauthenticated attackers can manipulate queries by sending POST requests with crafted values to the q parameter, using time-based blind SQL injection to extract sensitive database information. The...

8.8CVSS6AI score0.00106EPSS

ATTACKERKB•added 2026/02/22 2:12 p.m.•1 views

CVE-2019-25461

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

8.8CVSS6AI score0.00106EPSS

Vulnrichment•added 2026/02/22 2:12 p.m.•2 views

CVE-2019-25460 Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

8.8CVSS5.7AI score0.00106EPSS

ATTACKERKB•added 2026/02/22 2:12 p.m.•2 views

CVE-2019-25460

CVE•added 2026/02/22 2:12 p.m.•6 views

CVE-2019-25460

Affected software : Web Ofisi Platinum E-Ticaret v5. Vulnerability : SQL injection allowing unauthenticated attackers to manipulate queries via the 'q' GET parameter on the arama endpoint, using time-based techniques to extract data. Root cause / method : improper input handling enabling time-bas...

Cvelist•added 2026/02/22 2:12 p.m.•22 views

CVE-2019-25460 Web Ofisi Platinum E-Ticaret v5 SQL Injection via q Parameter

8.8CVSS0.00106EPSS

Positive Technologies•added 2026/02/22 12:0 a.m.•2 views

PT-2026-21448

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...

Positive Technologies•added 2026/02/22 12:0 a.m.•4 views

Exploits1References4

PT-2026-21447

NVD•added 2026/01/21 6:16 p.m.•1 views

Exploits1References4

CVE-2021-47858

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'startaddr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they...

7.2CVSS0.00052EPSS

Vulnrichment•added 2026/01/21 5:27 p.m.•1 views

CVE-2021-47858 Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting

7.2CVSS5AI score0.00052EPSS

Cvelist•added 2026/01/21 5:27 p.m.•15 views

CVE-2021-47858 Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting

7.2CVSS0.00052EPSS

ATTACKERKB•added 2026/01/21 5:27 p.m.•3 views

CVE-2021-47858

7.2CVSS5AI score0.00052EPSS

CNNVD•added 2026/01/21 12:0 a.m.•1 views

Genexis Platinum-4410 Cross-site Scripting Vulnerability

The Genexis Platinum-4410 is a wireless router produced by the Genexis company. The Genexis Platinum-4410 P4410-V2-1.31A version has a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting issue in the startaddr parameter of the Security Management...

7.2CVSS5.7AI score0.00052EPSS