Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

24703 matches found

CVE
CVEadded last week12 views

CVE-2026-10171

The CVE-2026-10171 affects code-projects Online Music Site 1.0, specifically the AdminUpdateAlbum.php endpoint. The vulnerability arises from manipulating the ID argument, enabling SQL injection in an unknown part of the file, with remote exploitation reported. The exploit is publicly disclosed. ...

5.8CVSS5.7AI score0.00027EPSS
Exploits0References5
EUVD
EUVDadded last week8 views

EUVD-2026-33490

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS6.5AI score0.00028EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/31 12:0 a.m.4 views

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Versions of OFCMS 1.1.3 and earlier had a SQL injection vulnerability. This vulnerability originated from the parameter “system.user.query” in the function Query of the ComnController component’s ComnController.java...

6.5CVSS6.7AI score0.00028EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/31 12:0 a.m.5 views

Code-Projects Online Music Site SQL注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability arises from the parameter ID operations in the file/Administrator/PHP/AdminUpdateAlbum.php,...

5.8CVSS5.9AI score0.00027EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/05/31 12:0 a.m.7 views

PT-2026-45186

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and...

6.5CVSS6.4AI score0.00033EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/31 12:0 a.m.9 views

PT-2026-45174

A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public a...

5.8CVSS5.7AI score0.00027EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/05/31 12:0 a.m.6 views

OpenCats SQL注入漏洞

OpenCats is an open-source recruitment process management system developed by OpenCats. Version OpenCATS 0.9.1a contains a SQL injection vulnerability. This vulnerability stems from SQL injections in the DataGrid filter processing. It may allow authenticated attackers to bypass column filtering...

8.6CVSS6.1AI score0.00026EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/31 12:0 a.m.8 views

PT-2026-45219

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated remotely. T...

6.5CVSS6.4AI score0.00028EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/05/31 12:0 a.m.9 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00028EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/05/31 12:0 a.m.6 views

PT-2026-45203

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollerComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql...

6.5CVSS6.4AI score0.00028EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/05/31 12:0 a.m.8 views

Aider SQL注入漏洞

Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a SQL injection vulnerability, which arises from the Code Generation Workflow component causing SQL injections. Attackers can launch attacks remotely due to this vulnerability...

6.5CVSS6.7AI score0.00033EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/05/31 12:0 a.m.12 views

PT-2026-45220

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched remotely. T...

6.5CVSS6.4AI score0.00028EPSS
Exploits0References6
CVE
CVEadded 2026/05/30 11:30 p.m.9 views

CVE-2026-10155

The CVE-2026-10155 describes a SQL injection in Bdtask Multi-Store Inventory Management System 1.0, specifically in accounts_report_search (application/modules/accounts/controllers/Accounts.php of Accounts Report Handler). The vulnerability is triggered by manipulating the argument dtpToDate, ena...

5.8CVSS5.7AI score0.00034EPSS
Exploits0References4
NVD
NVDadded 2026/05/30 4:17 p.m.9 views

CVE-2018-25420

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to watch.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS0.0009EPSS
Exploits0References4
NVD
NVDadded 2026/05/30 4:17 p.m.10 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS0.00029EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/30 2:55 p.m.7 views

EUVD-2018-21946

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.002EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/30 2:55 p.m.6 views

EUVD-2018-21944

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00092EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/30 2:55 p.m.7 views

EUVD-2018-21940

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers can send GET requests to year.php with crafted SQL payloads in the year parameter to extract sensiti...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/30 2:55 p.m.9 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/05/30 2:55 p.m.15 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in country.php via the country parameter. An unauthenticated attacker can send crafted GET requests to extract sensitive data from the database (usernames, database names, version details). CVSS data indicates high impact with network ac...

8.8CVSS6.1AI score0.0009EPSS
Exploits0References4
Rows per page
Query Builder