CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

545 matches found

Vulnrichment•added 2025/11/20 12:0 a.m.•3 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

7.6AI score0.00233EPSS

Exploits0References2

RedhatCVE•added 2025/11/11 9:31 a.m.•5 views

CVE-2025-12405

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...

7.7CVSS7.5AI score0.00224EPSS

Exploits0References1

CVE•added 2025/11/07 12:0 a.m.•11 views

CVE-2025-63718

The CVE-2025-63718 entry describes a SQL injection in SourceCodester PQMS 1.0 at api_patient_schedule.php, where the appointmentID parameter is not properly sanitized, enabling arbitrary SQL commands. This is evidenced across multiple connected sources (e.g., Red Hat, EUVD, NVD/CVE records, CNVD,...

6.5CVSS8.1AI score0.0021EPSS

Exploits1References2Affected Software1

Tenable Nessus•added 2025/11/07 12:0 a.m.•6 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Django vulnerabilities (USN-7859-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7859-1 advisory. It was discovered that Django incorrectly handled certain characters in queries. An attacker could possibly use this issue...

9.1CVSS8.2AI score0.18752EPSS

Exploits10References2

OSV•added 2025/11/05 4:11 p.m.•2 views

USN-7859-1 python-django vulnerabilities

It was discovered that Django incorrectly handled certain characters in queries. An attacker could possibly use this issue to execute arbitrary SQL commands...

9.1CVSS7.3AI score0.18752EPSS

Exploits10References2

Redos•added 2025/11/05 12:0 a.m.•3 views

ROS-20251105-03

A vulnerability in the Apache Log4cxx C++ logging framework is related to insufficient cleanup of the user-supplied data when using an ODBC appender to send log messages to a database. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries in th...

8.8CVSS7.2AI score0.01597EPSS

Exploits1

CNVD•added 2025/10/15 12:0 a.m.•4 views

E-Commerce Website product_add_qty.php file SQL injection vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...

9.8CVSS8.3AI score0.00359EPSS

Exploits1References1