Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

233044 matches found

EUVD
EUVDadded 2026/05/25 2:15 p.m.6 views

EUVD-2018-21901

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filtertypeid, filterpidid, and filtersearch parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL...

7.1CVSS6.1AI score0.00029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:15 p.m.6 views

CVE-2018-25380

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filtertypeid, filterpidid, and filtersearch parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL...

7.1CVSS6.1AI score0.00029EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:15 p.m.5 views

CVE-2018-25379 Collectric CMU 1.0 SQL Injection via lang Parameter

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

8.8CVSS5.9AI score0.00147EPSS
Exploits0References3
CVE
CVEadded 2026/05/25 2:15 p.m.13 views

CVE-2018-25379

CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...

8.8CVSS5.9AI score0.00147EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/25 2:15 p.m.9 views

CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00081EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 2:15 p.m.13 views

CVE-2018-25372

CVE-2018-25372 : MedDream PACS Server Premium 6.7.1.1 contains an unauthenticated SQL injection in the email parameter of the userSignup.php endpoint. Crafting POST requests with SQL payloads can extract sensitive information from the backend MySQL database. The description explicitly states the ...

8.8CVSS6.1AI score0.00081EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 2:15 p.m.14 views

CVE-2018-25371

The CVE-2018-25371 entry concerns mooSocial Store Plugin 2.6 with a blind SQL injection in the product parameter of the URL rewrite functionality. The vulnerability allows unauthenticated attackers to manipulate queries, enabling boolean-based blind, time-based blind, or stacked query techniques ...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/25 2:15 p.m.8 views

EUVD-2018-21892

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:15 p.m.7 views

CVE-2018-25371

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:15 p.m.17 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00086EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:15 p.m.8 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00044EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:15 p.m.17 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00044EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/25 2:15 p.m.5 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00044EPSS
Exploits0References3
NVD
NVDadded 2026/05/25 11:16 a.m.7 views

CVE-2026-9451

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS0.00031EPSS
Exploits0References5
NVD
NVDadded 2026/05/25 11:16 a.m.11 views

CVE-2026-9447

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS0.00039EPSS
Exploits0References5
NVD
NVDadded 2026/05/25 11:16 a.m.8 views

CVE-2026-9450

A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public a...

6.5CVSS0.00031EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/25 10:45 a.m.33 views

CVE-2026-9451 code-projects Employee Management System applyleaveprocess.php sql injection

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS0.00031EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/25 10:45 a.m.4 views

CVE-2026-9451

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS6.5AI score0.00031EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2026/05/25 10:45 a.m.13 views

CVE-2026-9451

Summary (CVE-2026-9451): Code-Projects Employee Management System 1.0 contains a vulnerability in the /process/applyleaveprocess.php handling of the ID parameter, enabling SQL injection. The issue is remote and has PoC exploitation notes in the entry. The CVSS-derived metrics indicate a medium se...

6.5CVSS6.5AI score0.00031EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/25 10:45 a.m.6 views

CVE-2026-9451 code-projects Employee Management System applyleaveprocess.php sql injection

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS6.5AI score0.00031EPSS
Exploits0References5
Rows per page
Query Builder