CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1416 matches found

CVE-2026-36618

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

Exploits0References1

EUVD•added 2 days ago•7 views

EUVD-2026-33764

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

NVD•added 3 days ago•7 views

CVE-2026-49491

8.8CVSS0.00065EPSS

Exploits0References3

ATTACKERKB•added 3 days ago•5 views

CVE-2026-49491

8.8CVSS5.9AI score0.00065EPSS

Exploits0References3Affected Software1

GithubExploit•added 3 days ago•46 views

portswigger-labs

PortSwigger Web Security Academy — Lab Notes Notes from compl...

5.8AI score

Exploits0

Positive Technologies•added 3 days ago•8 views

PT-2026-45617

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

EUVD•added 5 days ago•4 views

EUVD-2018-21932

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00026EPSS

Exploits0References4

CVE•added 5 days ago•10 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

7.1CVSS6.2AI score0.00026EPSS

Exploits0References4

Positive Technologies•added 5 days ago•5 views

PT-2026-45110

7.1CVSS6.2AI score0.00026EPSS

Exploits0References5

NVD•added 6 days ago•4 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...

8.8CVSS0.00065EPSS

Exploits0References4

Cvelist•added 6 days ago•22 views

CVE-2018-25395 Kados R10 GreenBee SQL Injection via update_feature.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS0.00068EPSS

Exploits0References4

CVE•added 6 days ago•7 views

CVE-2018-25395

Kados R10 GreenBee is affected by an SQL injection via boards_buttons/update_feature.php in the feature_id parameter. The feature_id is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send crafted GET requests (including UNION-based payloads) ...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

Vulnrichment•added 6 days ago•5 views

CVE-2018-25394 Kados R10 GreenBee SQL Injection via update_release.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References4

CVE•added 6 days ago•9 views

CVE-2018-25382

Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

EUVD•added 6 days ago•2 views

EUVD-2018-21904

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

Positive Technologies•added 6 days ago•5 views

PT-2026-44873

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature id parameter of boards buttons/update feature.php. The feature id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00068EPSS

Exploits0References5

NVD•added 2026/05/25 3:16 p.m.•6 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00086EPSS

Exploits0References3

NVD•added 2026/05/25 3:16 p.m.•6 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS0.00044EPSS

Exploits0References3

CVE•added 2026/05/25 2:15 p.m.•10 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00086EPSS

Exploits0References3

ATTACKERKB•added 2026/05/25 2:15 p.m.•7 views

CVE-2018-25362

8.8CVSS5.9AI score0.00044EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by