
43 matches found

NVD
added 4 days ago, 8 views

CVE-2026-10193

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

CVSS 6.5, EPSS 0.00028
Exploits 0, References 5
ATTACKERKB
added 4 days ago, 7 views

CVE-2026-10193

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

CVSS 6.5, AI score 6.4, EPSS 0.00028
Exploits 0, References 5
CVE
added 4 days ago, 9 views

CVE-2026-10193

CVE-2026-10193 affects OFCMS up to version 1.1.3. The vulnerable element is the Query function in file at com/ofsoft/cms/admin/controller/ComnController.java (ComnController). An attacker can manipulate the argument system.user.query to trigger SQL injection. The exploit is capable of remote init...

CVSS 6.5, AI score 6.4, EPSS 0.00028
Exploits 0, References 5
CNNVD
added 4 days ago, 3 views

OFCMS SQL injection vulnerability

OFCMS is a content management system developed by the Oufu individual developers. Versions of OFCMS 1.1.3 and earlier had a SQL injection vulnerability. This vulnerability originated from the parameter “system.user.query” in the function Query of the ComnController component’s ComnController.java...

CVSS 6.5, AI score 6.7, EPSS 0.00028
Exploits 0, References 5
Positive Technologies
added 2026/02/26 12:00 a.m., 3 views

PT-2026-22205

Name of the Vulnerable Software and Affected Versions wger versions prior to 2.4 Description wger is a free, open-source workout and fitness manager. An issue exists where three nutritional values action endpoints bypass user-scoped querysets via a raw ORM call, specifically Model.objects.getpk=p...

CVSS 4.3, AI score 6, EPSS 0.0004
Exploits 1, References 7
RedhatCVE
added 2025/11/24 11:33 a.m., 2 views

CVE-2025-13546

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

CVSS 9.8, AI score 7.1, EPSS 0.0003
Exploits 1, References 1
OSV
added 2025/11/23 11:15 a.m., 0 views

CVE-2025-13546

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

CVSS 9.8, AI score 5.7
Exploits 0, References 4
Cvelist
added 2025/11/23 10:32 a.m., 9 views

CVE-2025-13546 ashraf-kabir travel-agency Search results.php sql injection

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

CVSS 6.5, EPSS 0.0003
Exploits 1, References 4
Vulnrichment
added 2025/11/23 10:32 a.m., 3 views

CVE-2025-13546 ashraf-kabir travel-agency Search results.php sql injection

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

CVSS 6.5, AI score 6.7, EPSS 0.0003
Exploits 1, References 4
CNNVD
added 2025/11/23 12:00 a.m., 2 views

Travel Agency SQL injection vulnerability

Travel Agency is a travel management website by Ashraf Kabir, an individual developer. Travel Agency suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter userquery in the file /results.php, which could lead to SQL injection...

CVSS 9.8, AI score 6.9, EPSS 0.0003
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-3749

Malware in sbrugna...

CVSS 8.8, AI score 6.5, EPSS 0.00447
Exploits 0, References 9
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2021-28358

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.7, EPSS 0.00405
Exploits 1, References 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-38333

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.1, EPSS 0.00085
Exploits 0, References 2
CNNVD
added 2025/09/19 12:00 a.m., 4 views

Zabbix plugin for Grafana security vulnerability

Zabbix plugin for Grafana is an open source Zabbix plugin for Grafana dashboards from Grafana Labs. A security vulnerability exists in Zabbix plugin for Grafana version 5.2.1 and earlier, which stems from a user-supplied regular expression query that could result in a regular expression denial of...

CVSS 4.3, AI score 9, EPSS 0.00101
Exploits 0, References 4
RedhatCVE
added 2025/05/23 3:55 a.m., 6 views

CVE-2023-34249

benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dcaeccd37198ecd3e41ea766d1099354b60d69c2. As a workaround, a user may be able to update the software...

CVSS 9.8, AI score 7.2, EPSS 0.00085
Exploits 0
RedhatCVE
added 2025/05/23 3:02 a.m., 1 view

CVE-2023-1940

A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file deleteuserquery.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.1, AI score 8.1, EPSS 0.0027
Exploits 1, References 1
RedhatCVE
added 2025/05/22 10:44 p.m., 5 views

CVE-2022-29498

Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to run a query they would not have normally run...

CVSS 7.5, AI score 7.3, EPSS 0.00186
Exploits 0, References 1
OSV
added 2023/04/25 7:15 a.m., 4 views

CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

CVSS 5.4, AI score 7.2
Exploits 0, References 2
NVD
added 2023/04/25 7:15 a.m., 15 views

CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

CVSS 5.4, AI score 6.2, EPSS 0.00828
Exploits 0, References 2
Prion
added 2023/04/25 7:15 a.m., 15 views

Design/Logic Flaw

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

CVSS 4.9, AI score 6, EPSS 0.00828
Exploits 0, References 2, Affected Software 1