CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/06/02 12:0 a.m.•9 views

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

8.1CVSS6AI score0.0066EPSS

Exploits1References24

Tenable Nessus•added 2026/06/02 12:0 a.m.•14 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PHP vulnerabilities (USN-8336-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8336-1 advisory. Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the...

9.8CVSS6.2AI score0.00505EPSS

Exploits1References10

CVE•added 2026/06/01 11:30 p.m.•15 views

CVE-2026-10302

The CVE-2026-10302 entry concerns itsourcecode Fees Management System 1.0. The vulnerability lies in an unknown function within the file /manage_fee.php, where manipulating the ID parameter can lead to SQL injection. This allows remote exploitation, and the exploit has been published. The CVSS me...

ATTACKERKB•added 2026/06/01 11:30 p.m.•7 views

CVE-2026-10302

A flaw has been found in itsourcecode Fees Management System 1.0. The impacted element is an unknown function of the file /managefee.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

Exploits0References6Affected Software1

Cvelist•added 2026/06/01 11:30 p.m.•39 views

CVE-2026-10302 itsourcecode Fees Management System manage_fee.php sql injection

6.5CVSS0.00319EPSS

Vulnrichment•added 2026/06/01 11:30 p.m.•8 views

CVE-2026-10302 itsourcecode Fees Management System manage_fee.php sql injection

6.5CVSS6.5AI score0.00319EPSS

GithubExploit•added 2026/06/01 11:20 p.m.•74 views

htb-myexpense-writeup

htb-myexpense...

5.8AI score

Exploits0

NVD•added 2026/06/01 11:16 p.m.•9 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

8.8CVSS0.00667EPSS

Exploits0References1

NVD•added 2026/06/01 11:16 p.m.•7 views

CVE-2026-10297

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.00319EPSS

NVD•added 2026/06/01 10:16 p.m.•7 views

CVE-2026-10290

A weakness has been identified in code-projects Hotel and Tourism Reservation System 1.0. The affected element is an unknown function of the file tour.php of the component GET Parameter Handler. Executing a manipulation of the argument tour can lead to sql injection. The attack can be launched...

7.5CVSS0.00318EPSS

NVD•added 2026/06/01 10:16 p.m.•11 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00094EPSS

Exploits0References1

NVD•added 2026/06/01 10:16 p.m.•5 views

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

7.1CVSS0.00273EPSS

NVD•added 2026/06/01 10:16 p.m.•5 views

CVE-2018-25431

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

7.1CVSS0.00273EPSS

NVD•added 2026/06/01 10:16 p.m.•7 views

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

7.1CVSS0.00273EPSS

NVD•added 2026/06/01 10:16 p.m.•6 views

CVE-2018-25433

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

8.8CVSS0.00341EPSS

NVD•added 2026/06/01 10:16 p.m.•5 views

CVE-2018-25428

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

8.8CVSS0.00341EPSS

CVE•added 2026/06/01 10:15 p.m.•16 views

CVE-2026-10297

The CVE-2026-10297 entry concerns itsourcecode Fees Management System 1.0. An SQL injection vulnerability exists in an unknown area of /manage_course.php triggered by manipulating the ID parameter. The issue allows remote initiation and is accompanied by a publicly available exploit. No vendor na...

ATTACKERKB•added 2026/06/01 10:15 p.m.•9 views

CVE-2026-10297