CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

123 matches found

Chamilo model.ajax.php - SQL Injection

main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Injection via the searchField, filters, or filters2 parameter. id: CVE-2021-34187 info: name: Chamilo model.ajax.php - SQL Injection author: DhiyaneshDK severity: critical description: | main/inc/ajax/model.ajax.php in Chamilo...

9.8CVSS8.1AI score0.89487EPSS

Exploits1References2

Nuclei•added yesterday•10 views

Youzify < 1.2.0 - Unauthenticated SQLi

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...

9.8CVSS7.9AI score0.59651EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:15 a.m.•6 views

CVE-2019-2856

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Application Container - JavaEE. Supported versions that are affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle...

9.8CVSS7.3AI score0.01805EPSS

Exploits0References1

IBM Security Bulletins•added 2025/12/01 6:25 a.m.•6 views

Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.

Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...

9.8CVSS6.6AI score0.01959EPSS

Exploits0Affected Software1