Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

216432 matches found

Cvelist
Cvelistadded 2026/04/12 12:28 p.m.32 views

CVE-2019-25699 Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

7.1CVSS0.00317EPSS
Exploits1References4
CVE
CVEadded 2026/04/12 12:28 p.m.6 views

CVE-2019-25699

Newsbull Haber Script 1.0.0 is affected by multiple SQL injection vulnerabilities in the search parameter, enabling authenticated attackers to extract database information via time-based, blind, and boolean-based techniques. The issues can be triggered through the search parameter in endpoints su...

7.1CVSS5.9AI score0.00317EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/04/12 12:28 p.m.7 views

CVE-2019-25697

CMSsite 1.0 contains an SQL injection vulnerability exploitable via the cat_id parameter on category.php. Unauthenticated attackers can inject SQL to manipulate queries and exfiltrate sensitive data, including usernames and credentials. Impact is high for confidentiality and integrity, with succe...

9.8CVSS5.9AI score0.00413EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/12 12:28 p.m.6 views

CVE-2019-25697

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

8.8CVSS5.9AI score0.00413EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/12 12:28 p.m.2 views

CVE-2019-25697 CMSsite 1.0 SQL Injection via category.php

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

8.8CVSS5.9AI score0.00413EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/12 12:28 p.m.26 views

CVE-2019-25693 ResourceSpace 8.6 SQL Injection via collection_edit.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collectionedit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...

7.1CVSS0.00159EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/04/12 12:28 p.m.3 views

CVE-2019-25693

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collectionedit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...

7.1CVSS6.2AI score0.00159EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/04/12 12:28 p.m.2 views

CVE-2019-25693 ResourceSpace 8.6 SQL Injection via collection_edit.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collectionedit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...

7.1CVSS6.2AI score0.00159EPSS
Exploits1References4
CVE
CVEadded 2026/04/12 12:28 p.m.5 views

CVE-2019-25693

CVE-2019-25693 – ResourceSpace 8.6 SQL injection : An authenticated attacker can inject malicious SQL via the keywords parameter in collection_edit.php (also noted as collection edit.php in some sources), enabling execution of arbitrary queries and extraction of sensitive data such as schema info...

7.1CVSS6.2AI score0.00159EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/12 12:28 p.m.2 views

CVE-2018-25257

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/12 12:28 p.m.9 views

CVE-2018-25257

CVE-2018-25257 – Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability. An authenticated user can inject SQL code via the name field in SystemProfileForm's profile edit endpoint to manipulate queries, potentially modifying user credentials and gaining administrative access. Af...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/12 12:28 p.m.4 views

CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
GithubExploit
GithubExploitadded 2026/04/12 11:10 a.m.82 views

Webite-Security-Scanner

Webite-Security-Scanner A modular web...

5.9AI score
Exploits0
GithubExploit
GithubExploitadded 2026/04/12 9:39 a.m.85 views

pentest-autopilot-mcps

Pentest Autopilot MCP Servers Professional-grade Model Contex...

6AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/04/12 12:0 a.m.3 views

PT-2026-32177

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/04/12 12:0 a.m.4 views

Victor CMS SQL注入漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability, which stems from insufficient input validation for the catid parameter in the category.php file. This vulnerability may lead to SQL injection...

9.8CVSS5.8AI score0.00413EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/04/12 12:0 a.m.3 views

Montala ResourceSpace 跨站请求伪造漏洞

Montala ResourceSpace is an open-source digital asset management tool developed by Montala Company in the UK. It enables users to organize their digital assets. Version 8.6 of Montala ResourceSpace contains a cross-site request forgeing vulnerability, which stems from insufficient input validatio...

7.1CVSS5.8AI score0.00159EPSS
Exploits1References4
CNNVD
CNNVDadded 2026/04/12 12:0 a.m.5 views

eBrigade ERP SQL注入漏洞

eBrigade ERP is a comprehensive business system for enterprise resource planning management developed by the French company eBrigade. Version 4.5 of eBrigade ERP contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter in the pdf.php file. This...

7.1CVSS5.9AI score0.00269EPSS
Exploits1References4
GithubExploit
GithubExploitadded 2026/04/11 7:14 p.m.110 views

Exploit for SQL Injection in Facturascripts

CVE-2026-25514: FacturaScripts has SQL Injection in Autocomple...

8.8CVSS6.2AI score0.00473EPSS
Exploits3
GithubExploit
GithubExploitadded 2026/04/11 7:14 p.m.91 views

Exploit for Improper Neutralization of Special Elements in Data Query Logic in Facturascripts

CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER...

8.8CVSS6.4AI score0.00473EPSS
Exploits3
Rows per page
Query Builder