Export limit exceeded: 75417 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75417 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25500 | 2 Niteosoft, Simplejobscript | 2 Simple Job Script, Simplejobscript | 2026-04-07 | 8.2 High |
| Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents. | ||||
| CVE-2019-25499 | 2 Niteosoft, Simplejobscript | 2 Simple Job Script, Simplejobscript | 2026-04-07 | 8.2 High |
| Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents. | ||||
| CVE-2019-25498 | 2 Niteosoft, Simplejobscript | 2 Simple Job Script, Simplejobscript | 2026-04-07 | 8.2 High |
| Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authentication and extract sensitive database information. | ||||
| CVE-2019-25497 | 1 Oscommerce | 1 Oscommerce | 2026-04-07 | 8.2 High |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25496 | 1 Oscommerce | 1 Oscommerce | 2026-04-07 | 8.2 High |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25495 | 1 Oscommerce | 1 Oscommerce | 2026-04-07 | 8.2 High |
| osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25494 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-04-07 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel. | ||||
| CVE-2019-25493 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-04-07 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive database information. | ||||
| CVE-2019-25492 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-04-07 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database information. | ||||
| CVE-2019-25491 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-04-07 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cms_getpagetitle.php endpoint with malicious catid values to extract sensitive database information. | ||||
| CVE-2019-25490 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-04-07 | 8.2 High |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive database information. | ||||
| CVE-2019-25489 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-04-07 | 8.2 High |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25486 | 1 Varient | 1 Varient Sql Inj. | 2026-04-07 | 8.2 High |
| Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information. | ||||
| CVE-2019-25483 | 1 Comtrend | 1 Ar-5310 | 2026-04-07 | 8.4 High |
| Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access. | ||||
| CVE-2019-25480 | 1 Armbot | 1 Armbot | 2026-04-07 | 7.5 High |
| ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution. | ||||
| CVE-2019-25478 | 1 Getgosoft | 1 Getgo Download Manager | 2026-04-07 | 7.5 High |
| GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable. | ||||
| CVE-2019-25472 | 1 Intelbras | 2 Telefone Ip Tip 200, Telefone Ip Tip 200 Lite | 2026-04-07 | 7.5 High |
| IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization. | ||||
| CVE-2019-25470 | 1 Ewon | 1 Ewon | 2026-04-07 | 7.5 High |
| eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key. | ||||
| CVE-2019-25467 | 1 Verypdf | 1 Docprint Pro | 2026-04-07 | 8.4 High |
| Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption. | ||||
| CVE-2019-25466 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2026-04-07 | 8.4 High |
| Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account. | ||||