
329 matches found

RedhatCVE
added 2026/02/04 7:27 p.m., 6 views

CVE-2026-25241

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

CVSS 9.8, AI score 6.1, EPSS 0.00413
Exploits: 0, References: 1

Positive Technologies
added 2026/02/04 12:00 a.m., 2 views

PT-2026-5884

Name of the Vulnerable Software and Affected Versions: Infility Global plugin for WordPress versions prior to 2.14.46. Description: The Infility Global plugin for WordPress is susceptible to unauthenticated SQL Injection through the 'infility get data' API action. This is a result of inadequate...

CVSS 7.5, AI score 5.8, EPSS 0.00432
Exploits: 0, References: 9

EUVD
added 2026/02/03 6:31 p.m., 7 views

EUVD-2026-5194

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

CVSS 9.3, AI score 6.1, EPSS 0.00413
Exploits: 0, References: 1

GithubExploit
added 2026/02/01 9:53 p.m., 148 views

Exploit for CVE-2025-12197

Security Research This repository contains my security resea...

CVSS 7.5, AI score 5.9, EPSS 0.14932
Exploits: 1

Cvelist
added 2026/01/09 10:03 a.m., 27 views

CVE-2025-64092 Unauthenticated SQL injection via GET request parameters

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

CVSS 7.5, EPSS 0.00372
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:58 a.m., 8 views

CVE-2023-45346

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8, AI score 8.3, EPSS 0.007
Exploits: 1, References: 1

Patchstack
added 2025/12/31 12:00 a.m., 5 views

WordPress Likes and Dislikes Plugin plugin <= 1.0.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Likes and Dislikes versions <= 1.0.0...

CVSS 7.5, AI score 5.9, EPSS 0.00476
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2025/12/15 12:00 a.m., 2 views

NetSupport Manager Security Vulnerability

NetSupport Manager is a remote control software from NetSupport Manager, Inc. A security vulnerability exists in NetSupport Manager versions prior to 14.12.0001, which stems from an unauthenticated SQL injection in Connectivity Server/Gateway HTTPS request processing, which could lead to the...

CVSS 8.7, AI score 7.5, EPSS 0.0034
Exploits: 0, References: 4

CVE
added 2025/12/13 6:33 a.m., 18 views

CVE-2025-10738

CVE-2025-10738 concerns the WordPress URL Shortener Plugin for WordPress. The initial description notes an Unauthenticated SQL Injection via the parameter ‘analytic_id’ in all versions up to and including 3.0.7, due to insufficient escaping and preparation of the SQL query. Connected documents (W...

CVSS 9.8, AI score 6.3, EPSS 0.00354
Exploits: 0, References: 3

Positive Technologies
added 2025/12/11 12:00 a.m., 6 views

PT-2025-50761

Name of the Vulnerable Software and Affected Versions: xbtitFM version 4.1.18. Description: The software contains an unauthenticated SQL injection issue. Remote attackers can manipulate database queries by injecting malicious SQL code through the msgid parameter. Crafted requests sent to the...

CVSS 8.7, AI score 8.1, EPSS 0.00498
Exploits: 1, References: 5

Cvelist
added 2025/11/04 8:18 p.m., 9 views

CVE-2025-32786 GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1...

CVSS 7.5, EPSS 0.05894
Exploits: 0, References: 3

EUVD
added 2025/11/03 4:45 p.m., 6 views

EUVD-2025-37502

An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the Group parameter in the /uapi-cgi/viewer/Param.cgi script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19...

CVSS 9.8, AI score 7.7, EPSS 0.00489
Exploits: 0, References: 2

GithubExploit
added 2025/11/03 9:00 a.m., 206 views

Exploit for Improper Validation of Certificate with Host Mismatch in Fortinet Fortiproxy

watchTowr-vs-FortiWeb-CVE-2025-25257 Detection Artifact Gener...

CVSS 9.8, AI score 7.3, EPSS 0.9671
Exploits: 18

CVE
added 2025/10/25 6:49 a.m., 22 views

CVE-2025-9322

CVE-2025-9322: WordPress plugin Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions (up to and including 8.3.1) is vulnerable to unauthenticated SQL Injection via the wpfs-form-name parameter. The issue arises from insufficient escaping of the user-suppli...

CVSS 7.5, AI score 6.4, EPSS 0.00317
Exploits: 0, References: 2

Packet Storm
added 2025/10/22 12:00 a.m., 154 views

Log2Space Subscriber Management Software 1.1 SQL Injection

Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil, Rohan Patil. CVE-2025-56450: Unauthenticated SQL Injection in Log2Space Subscriber Management Software...

CVSS 6.5, AI score 8.3, EPSS 0.00307
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-2834

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.01093
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-54340

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00576
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-52752

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00671
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-50960

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00831
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-49641

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.007
Exploits: 1, References: 2