CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/01 10:15 p.m.•9 views

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

6.5CVSS6.5AI score0.00319EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•6 views

CVE-2026-10178

A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may ...

7.5CVSS5.7AI score0.00412EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•8 views

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS5.5AI score0.00254EPSS

RedhatCVE•added 2026/06/01 10:3 p.m.•9 views

CVE-2026-10185

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS5.6AI score0.00269EPSS

CVE•added 2026/06/01 10:0 p.m.•14 views

CVE-2026-24782

Kiteworks users are affected by multiple SQL injection flaws in Secure Data Forms prior to version 9.3.0. An authenticated attacker with the FormBuilder role can retrieve information on or modify other users’ form definitions and some global configuration parameters. The fix is to upgrade to Kite...

8.8CVSS5.9AI score0.00667EPSS

Exploits0References1Affected Software1

EUVD•added 2026/06/01 10:0 p.m.•7 views

EUVD-2026-33842

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

7.6CVSS5.9AI score0.00667EPSS

Vulnrichment•added 2026/06/01 10:0 p.m.•8 views

CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability

7.6CVSS5.9AI score0.00667EPSS

CVE•added 2026/06/01 10:0 p.m.•12 views

CVE-2026-10296

CVE-2026-10296 affects itsourcecode Fees Management System 1.0. The vulnerability concerns the /ajax.php file, where manipulation of the Username argument can lead to SQL injection. The attack can be performed remotely, and a publicly disclosed exploit exists. No remediation or patch details are ...

6.5CVSS5.6AI score0.00319EPSS

Cvelist•added 2026/06/01 10:0 p.m.•35 views

CVE-2026-10296 itsourcecode Fees Management System ajax.php sql injection

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS0.00319EPSS

Vulnrichment•added 2026/06/01 10:0 p.m.•7 views

CVE-2026-10296 itsourcecode Fees Management System ajax.php sql injection

6.5CVSS6.4AI score0.00319EPSS

NVD•added 2026/06/01 9:16 p.m.•14 views

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS0.00204EPSS

CVE•added 2026/06/01 9:14 p.m.•12 views

CVE-2026-0075

The CVE-2026-0075 entry describes a SQL injection that could permit access to the contacts database, enabling local escalation of privilege with no additional privileges required and no user interaction needed. Connected documents (including RH/CVE, EUVD, NVD, CNNVD, and others) reiterate the sam...

7.8CVSS6AI score0.00094EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/01 9:14 p.m.•29 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00094EPSS

CVE•added 2026/06/01 9:0 p.m.•11 views

CVE-2018-25433

Technical details for CVE-2018-25433 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.1AI score0.00341EPSS

Cvelist•added 2026/06/01 9:0 p.m.•27 views

CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...

8.8CVSS0.00341EPSS

CVE•added 2026/06/01 9:0 p.m.•12 views

CVE-2018-25434

WP AutoSuggest 0.24 is affected by an unauthenticated SQL injection in the wpas_keys parameter of autosuggest.php. An attacker can send crafted GET requests to extract sensitive data from WordPress posts and other tables. Root cause is unsafely injected wpas_keys handling in the plugin’s autosugg...

8.8CVSS6.1AI score0.00341EPSS

Vulnrichment•added 2026/06/01 9:0 p.m.•9 views

CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php

8.8CVSS6.1AI score0.00341EPSS

CVE•added 2026/06/01 9:0 p.m.•8 views

CVE-2018-25431

CVE-2018-25431 affects No-CMS 1.0 and describes an SQL injection in the order_by parameter of the manage_privilege export endpoint. An authenticated attacker can submit a crafted POST request to /nocms/main/manage_privilege/index/export with SQL payload in order_by[0] to manipulate database queri...

7.1CVSS5.9AI score0.00273EPSS