CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•4 views

CVE-2018-25428

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

8.8CVSS0.00068EPSS

Cvelist•added 4 days ago•22 views

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /managecourse.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5CVSS0.00033EPSS

ATTACKERKB•added 4 days ago•8 views

CVE-2026-10297

6.5CVSS5.7AI score0.00033EPSS

Exploits0References6Affected Software1

6.5CVSS5.7AI score0.00033EPSS

CVE-2026-10297

The CVE-2026-10297 entry concerns itsourcecode Fees Management System 1.0. An SQL injection vulnerability exists in an unknown area of /manage_course.php triggered by manipulating the ID parameter. The issue allows remote initiation and is accompanied by a publicly available exploit. No vendor na...

Vulnrichment•added 4 days ago•5 views

CVE-2026-10297 itsourcecode Fees Management System manage_course.php sql injection

6.5CVSS6.5AI score0.00033EPSS

RedhatCVE•added 4 days ago•4 views

CVE-2026-10178

A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may ...

7.5CVSS5.7AI score0.00033EPSS

RedhatCVE•added 4 days ago•6 views

CVE-2026-10111

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The...

7.5CVSS5.5AI score0.0003EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2026-10185

A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

7.5CVSS5.6AI score0.00033EPSS

8.8CVSS5.9AI score0.00027EPSS

CVE-2026-24782

Kiteworks users are affected by multiple SQL injection flaws in Secure Data Forms prior to version 9.3.0. An authenticated attacker with the FormBuilder role can retrieve information on or modify other users’ form definitions and some global configuration parameters. The fix is to upgrade to Kite...

Exploits0References1Affected Software1

Vulnrichment•added 4 days ago•5 views

CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

7.6CVSS5.9AI score0.00027EPSS

EUVD•added 4 days ago•5 views

EUVD-2026-33842

7.6CVSS5.9AI score0.00027EPSS

6.5CVSS5.6AI score0.00033EPSS

CVE-2026-10296

CVE-2026-10296 affects itsourcecode Fees Management System 1.0. The vulnerability concerns the /ajax.php file, where manipulation of the Username argument can lead to SQL injection. The attack can be performed remotely, and a publicly disclosed exploit exists. No remediation or patch details are ...

Vulnrichment•added 4 days ago•3 views

CVE-2026-10296 itsourcecode Fees Management System ajax.php sql injection

A vulnerability was determined in itsourcecode Fees Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been publicl...

6.5CVSS6.4AI score0.00033EPSS

Cvelist•added 4 days ago•28 views

CVE-2026-10296 itsourcecode Fees Management System ajax.php sql injection

6.5CVSS0.00033EPSS

NVD•added 4 days ago•12 views

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS0.00033EPSS

Cvelist•added 4 days ago•25 views

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00006EPSS

7.8CVSS6AI score0.00006EPSS

CVE-2026-0075

The CVE-2026-0075 entry describes a SQL injection that could permit access to the contacts database, enabling local escalation of privilege with no additional privileges required and no user interaction needed. Connected documents (including RH/CVE, EUVD, NVD, CNNVD, and others) reiterate the sam...

Exploits0References1Affected Software1

CVE•added 4 days ago•10 views

CVE-2018-25434

WP AutoSuggest 0.24 is affected by an unauthenticated SQL injection in the wpas_keys parameter of autosuggest.php. An attacker can send crafted GET requests to extract sensitive data from WordPress posts and other tables. Root cause is unsafely injected wpas_keys handling in the plugin’s autosugg...

8.8CVSS6.1AI score0.00068EPSS

CVE•added 4 days ago•9 views

CVE-2018-25433

Technical details for CVE-2018-25433 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.1AI score0.00068EPSS