Xconq CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 16), (line:1, col:17)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (335439 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-50923	1 Cobiansoft	1 Cobian Backup	2026-03-02	7.8 High
Cobian Backup 0.9 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CobianReflectorService to inject malicious code that will execute with LocalSystem permissions during service startup.
CVE-2022-50917	2 Proton, Protonvpn	2 Protonvpn, Protonvpn	2026-03-02	7.8 High
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.
CVE-2022-50915	1 Primera	1 Ptpublisher	2026-03-02	7.8 High
PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access.
CVE-2022-50895	2 Aerocms Project, Megatkc	2 Aerocms, Aero Cms	2026-03-02	9.8 Critical
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
CVE-2021-47779	1 Dolibarr	3 Dolibarr, Dolibarr Erp/crm, Dolibarr Erp\/crm	2026-03-02	5.4 Medium
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
CVE-2019-25461	1 Web-ofisi	1 Ticaret	2026-03-02	7.5 High
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using time-based blind SQL injection techniques to extract sensitive database information.
CVE-2019-25460	1 Web-ofisi	2 Platinum E-ticaret, Ticaret	2026-03-02	7.5 High
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL injection techniques to extract sensitive database information.
CVE-2019-25459	1 Web-ofisi	1 Emlak	2026-03-02	9.8 Critical
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak_durumu, emlak_tipi, il, ilce, kelime, and semt to extract sensitive database information or perform time-based blind SQL injection attacks.
CVE-2019-25458	1 Web-ofisi	1 Firma Rehberi	2026-03-02	9.8 Critical
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.
CVE-2019-25457	1 Web-ofisi	1 Firma	2026-03-02	7.5 High
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.
CVE-2019-25456	1 Web-ofisi	1 Emlak	2026-03-02	9.1 Critical
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
CVE-2019-25455	1 Web-ofisi	2 E-ticaret, Ticaret	2026-03-02	7.5 High
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information.
CVE-2019-25454	1 Phpmoadmin	1 Phpmoadmin	2026-03-02	6.1 Medium
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creation to execute arbitrary JavaScript in users' browsers.
CVE-2019-25452	1 Dolibarr	2 Dolibarr Erp/crm, Dolibarr Erp\/crm	2026-03-02	7.5 High
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
CVE-2019-25451	1 Phpmoadmin	1 Phpmoadmin	2026-03-02	8.8 High
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.
CVE-2019-25450	1 Dolibarr	2 Dolibarr Erp/crm, Dolibarr Erp\/crm	2026-03-02	7.5 High
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.
CVE-2019-25444	1 Phpscriptsmall	1 Fiverr Clone Script	2026-03-02	9.1 Critical
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents.
CVE-2019-25442	1 Webwiz	1 Web Wiz Forums	2026-03-02	7.5 High
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.
CVE-2019-25438	2 Agilebio, Labcollector	2 Labcollector, Labcollector	2026-03-02	7.5 High
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
CVE-2019-25347	1 Kostasmitroglou	2 Password Management Application, Thesystem	2026-03-02	7.5 High
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts.

« first previous Page 14 of 16772. next last »