CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

Vulnrichment•added 2026/05/23 6:30 p.m.•5 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

CVE•added 2026/05/23 6:30 p.m.•32 views

CVE-2018-25340

The CVE-2018-25340 entry affects Smartshop 1, with a SQL injection in category.php through the id parameter that allows unauthenticated attackers to send GET requests using UNION-based payloads to extract database data (e.g., usernames). The vulnerability is triggered via the id parameter and can...

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

RedhatCVE•added 2026/05/16 1:56 a.m.•9 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

7.1CVSS5.9AI score0.00034EPSS

Exploits0References1

ATTACKERKB•added 2026/05/14 8:45 p.m.•4 views

CVE-2026-42847

7.1CVSS5.9AI score0.00034EPSS

Exploits0References2

Positive Technologies•added 2026/05/14 12:0 a.m.•6 views

PT-2026-41126

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 - 122 Description An SQL Injection SQLi issue exists in the authenticated admin endpoint "admin area/action logs.php". The endpoint processes the type parameter, which is passed to the fetch action logs...

7.1CVSS5.9AI score0.00034EPSS

Exploits0References4

NVD•added 2026/05/11 6:16 p.m.•4 views

CVE-2026-38567

HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...

9.8CVSS0.00305EPSS

Exploits1References3

Positive Technologies•added 2026/05/11 12:0 a.m.•8 views

PT-2026-39655

5.9AI score0.00305EPSS

Exploits1References4

Cvelist•added 2026/04/29 7:24 p.m.•28 views

CVE-2018-25300 XATABoost CMS 1.0.0 SQL Injection via news.php

XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database informatio...

8.8CVSS0.00124EPSS

Exploits0References3

Positive Technologies•added 2026/04/29 12:0 a.m.•5 views

PT-2026-35983

8.8CVSS5.7AI score0.00124EPSS

Exploits0References4

NVD•added 2026/03/12 4:16 p.m.•1 views

CVE-2019-25511

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...

8.8CVSS0.001EPSS

Exploits1References2

ATTACKERKB•added 2026/03/12 3:36 p.m.•1 views

CVE-2019-25517

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...

8.8CVSS5.9AI score0.001EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/12 3:36 p.m.•6 views

CVE-2019-25516

The CVE-2019-25516 entry describes an SQL injection in Jettweb PHP Hazir Haber Sitesi Scripti V1, exploitable via GET requests to gallery.php with a malicious gallery_id (UNION-based) allowing unauthenticated data extraction. Metrics indicate CVSS v3.1 base score 8.2 (HIGH) and CVSS v4.0 base sco...

8.8CVSS5.9AI score0.001EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/12 3:36 p.m.•0 views

CVE-2019-25511

8.8CVSS5.9AI score0.001EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/12 3:36 p.m.•21 views

CVE-2019-25511 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

8.8CVSS0.001EPSS

Exploits1References2

Positive Technologies•added 2026/03/12 12:0 a.m.•2 views

PT-2026-24971

8.8CVSS5.9AI score0.001EPSS

Exploits1References3

Vulnrichment•added 2026/03/04 5:15 p.m.•3 views

CVE-2019-25507 Ashop Shopping Cart Software Lastest SQL Injection via index.php

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...

8.8CVSS6AI score0.00123EPSS

Exploits0References2

ATTACKERKB•added 2026/03/04 5:15 p.m.•4 views

CVE-2019-25507

8.8CVSS6AI score0.00123EPSS

Exploits0References2Affected Software1

EUVD•added 2026/02/26 9:31 p.m.•4 views

EUVD-2026-8884

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.7CVSS7AI score0.00224EPSS

Exploits0References4