Lucene search
K

2184 matches found

Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.16 views

PT-2026-45122

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.10 views

CVE-2018-25399 The Open ISES Project 3.30A SQL Injection via nearby.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticklat and ticklng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.30 views

CVE-2018-25399 The Open ISES Project 3.30A SQL Injection via nearby.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticklat and ticklng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.10 views

EUVD-2018-21921

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticklat and ticklng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.9 views

EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44877

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick lat and tick lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payloads to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44876

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.95 views

ZTE ZXHN H188A V6 - Authentication Bypass

Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
OSV
OSV
added 2026/05/27 12:47 p.m.13 views

USN-8320-1 memcached vulnerabilities

It was discovered that Memcached's SASL password database authentication had a timing side channel when handling username and password data. A remote attacker could possibly use this issue to obtain sensitive information...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.63 views

📄 ZTE ZXHN H188A V6 Authentication Bypass

Unauthenticated requests to the root path of ZTE ZXHN H188A V6 firmware can reach pre-login wizard handlers and disclose WLAN PSKs, SSIDs, and PPPoE usernames. The leaked Wi-Fi password is also the default administrator password after uppercasing, resulting in full authentication bypass. -----BEG...

7.1CVSS5.8AI score0.08943EPSS
Exploits3
NVD
NVD
added 2026/05/25 3:16 p.m.15 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 2:15 p.m.11 views

EUVD-2018-21886

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.24 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.20 views

CVE-2018-25362

CVE-2018-25362 affects Twitter-Clone 1 with a SQL injection in follow.php via the userid parameter. The vulnerability lets an attacker manipulate queries using union-based or time-based blind payloads to extract sensitive data such as usernames, passwords, and database credentials. Impact is Conf...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.10 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/25 2:15 p.m.9 views

EUVD-2018-21882

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43215

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.8 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/23 6:30 p.m.12 views

EUVD-2018-21865

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/22 1:17 p.m.9 views

CVE-2026-8672 Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1CVSS5.8AI score0.00105EPSS
Exploits0References1
Rows per page
Query Builder