CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2025-6411

Malicious code in bioql PyPI...

7.5CVSS9.2AI score0.24216EPSS

Exploits0References5

RedhatCVE•added 2025/05/22 4:56 p.m.•4 views

CVE-2020-18020

SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to execute arbitrary code by injecting SQL commands into the "userphone" parameter of a crafted HTTP request to the "admin.php" component...

9.8CVSS9.1AI score0.10359EPSS

Exploits1

RedhatCVE•added 2025/03/16 7:18 a.m.•4 views

CVE-2025-2221

The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘userphone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS7.8AI score0.24216EPSS

Exploits0References1

NVD•added 2025/03/14 7:15 a.m.•7 views

CVE-2025-2221

7.5CVSS0.24216EPSS

Exploits0References3

CVE•added 2025/03/14 6:43 a.m.•52 views

CVE-2025-2221

The CVE covers the WordPress plugin WPCOM Member (WordPress) versions up to and including 1.7.6, which is vulnerable to an unauthenticated time-based SQL injection via the user_phone parameter due to insufficient escaping and inadequate query preparation. Consequence: attackers can append additio...

7.5CVSS7.7AI score0.24216EPSS

Exploits0References3Affected Software1

CVE•added 2025/03/07 6:40 a.m.•81 views

CVE-2025-1475

The CVE-2025-1475 affects the WPCOM Member WordPress plugin (

9.8CVSS7.4AI score0.00127EPSS

Exploits0References3