CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

Malwarebytes•added 2026/06/11 11:31 a.m.•19 views

VRChat says reported data breach never happened

A data breach notice has been filed with the Maine Attorney General, saying more than 2.4 million users of VRChat have had their data breached. The question is, was it VRChat who filed the breach notice, or did someone pretending to represent the company post it instead? On Reddit, a VRChat...

5.4AI score

Exploits0

CNNVD•added 2026/06/04 12:0 a.m.•3 views

PHP EI-Tube Script SQL注入漏洞

The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...

8.8CVSS6.2AI score0.00262EPSS

Exploits0References3

CVE•added 2026/05/30 2:55 p.m.•26 views

CVE-2018-25418

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in the year.php endpoint. The vulnerability allows unauthenticated attackers to send crafted GET requests with malicious payloads in the year parameter to execute arbitrary SQL queries. Impact stated includes extraction of sensitive data...

8.8CVSS6.1AI score0.00276EPSS

Exploits0References4

ATTACKERKB•added 2026/05/30 2:55 p.m.•11 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

8.8CVSS6.1AI score0.0027EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/30 2:55 p.m.•10 views

EUVD-2018-21938

8.8CVSS6.1AI score0.0027EPSS

Exploits0References4

Positive Technologies•added 2026/05/30 12:0 a.m.•12 views

PT-2026-45119

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS6.1AI score0.0027EPSS

Exploits0References5

Positive Technologies•added 2026/05/30 12:0 a.m.•10 views

PT-2026-45113

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00276EPSS

Exploits0References5

EUVD•added 2026/05/29 2:46 p.m.•7 views

EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS

Exploits0References4

NVD•added 2026/04/12 1:16 p.m.•2 views

CVE-2019-25697

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

9.8CVSS0.00413EPSS

Exploits1References3

EUVD•added 2026/04/03 9:27 p.m.•1 views

EUVD-2026-18882

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS5.8AI score0.00211EPSS

Exploits0References1

Positive Technologies•added 2026/04/03 12:0 a.m.•4 views

PT-2026-30244

6.9CVSS5.8AI score0.00211EPSS

Exploits0References3

CNNVD•added 2026/04/03 12:0 a.m.•5 views

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.1.3, 2026.2.2, and 2026.3.0 contained a vulnerability related to information leakage. Thi...

6.9CVSS5.8AI score0.00211EPSS

Exploits0References1

NVD•added 2026/03/21 4:16 p.m.•6 views

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8CVSS0.00338EPSS

Exploits1References4

Positive Technologies•added 2026/03/16 12:0 a.m.•5 views

PT-2026-25661

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

8.7CVSS5.8AI score0.00275EPSS

Exploits0References6

ATTACKERKB•added 2026/03/06 12:18 p.m.•2 views

CVE-2018-25166

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

8.8CVSS6.1AI score0.00232EPSS

Exploits0References2Affected Software1

CVE•added 2026/03/06 12:18 p.m.•7 views

CVE-2018-25166

Meneame English Pligg 5.8 contains an SQL injection via the search parameter that allows unauthenticated attackers to execute arbitrary SQL through index.php, enabling retrieval of sensitive data such as usernames, database names and version details. The vulnerability is triggered by crafted SQL ...

8.8CVSS6.1AI score0.00232EPSS

Exploits0References2

Cvelist•added 2026/03/06 12:18 p.m.•24 views

CVE-2018-25165 Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract...

7.1CVSS0.00235EPSS

Exploits0References2

Positive Technologies•added 2026/03/06 12:0 a.m.•3 views

PT-2026-23701

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod id' parameter. Attackers can send POST requests to the editar producto.php endpoint with crafted SQL payloads in the mod...

7.1CVSS6.1AI score0.00194EPSS

Exploits0References3

Wired Threat Level•added 2026/01/23 11:0 a.m.•5 views

149 Million Usernames and Passwords Exposed by Unsecured Database

This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware...

5.4AI score

Exploits0

Cvelist•added 2025/12/04 8:41 p.m.•17 views

CVE-2024-58276 Obi08-Enrollment System 1.0 login.php SQL Injection

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7CVSS0.00375EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by