CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-21708 A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user. | N/A | NONE | — | 0 |
| CVE-2026-21672 A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers. | N/A | NONE | — | 0 |
| CVE-2026-4044 A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument f... | 3.8 | LOW | — | 0 |
| CVE-2026-4043 A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index lead... | 8.8 | HIGH | — | 0 |
| CVE-2019-25543 Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attack... | 8.2 | HIGH | — | 0 |
| CVE-2019-25542 Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25541 Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-b... | 8.2 | HIGH | — | 0 |
| CVE-2019-25540 Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers... | 8.2 | HIGH | — | 0 |
| CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can se... | 8.2 | HIGH | — | 0 |
| CVE-2019-25538 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send cr... | 8.2 | HIGH | — | 0 |
| CVE-2019-25537 Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parame... | 8.2 | HIGH | — | 0 |
| CVE-2019-25536 Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[]... | 8.2 | HIGH | — | 0 |
| CVE-2019-25535 Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can... | 8.2 | HIGH | — | 0 |
| CVE-2019-25534 Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25533 Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25532 Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers ca... | 8.2 | HIGH | — | 0 |
| CVE-2019-25531 Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit cr... | 8.2 | HIGH | — | 0 |
| CVE-2019-25530 uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers... | 8.2 | HIGH | — | 0 |
| CVE-2019-25529 Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send... | 7.1 | HIGH | — | 0 |
| CVE-2019-25528 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter... | 8.2 | HIGH | — | 0 |
| CVE-2019-25527 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25526 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25525 Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. A... | 8.2 | HIGH | — | 0 |
| CVE-2019-25524 XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET r... | 8.2 | HIGH | — | 0 |
| CVE-2019-25523 XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GE... | 8.2 | HIGH | — | 0 |
| CVE-2019-25522 XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers ca... | 8.2 | HIGH | — | 0 |
| CVE-2019-25521 XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GE... | 8.2 | HIGH | — | 0 |
| CVE-2019-25520 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25519 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Att... | 8.2 | HIGH | — | 0 |
| CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25517 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25516 Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id para... | 8.2 | HIGH | — | 0 |
| CVE-2019-25515 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by s... | 7.5 | HIGH | — | 0 |
| CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can ma... | 8.2 | HIGH | — | 0 |
| CVE-2019-25513 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25512 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can ma... | 8.2 | HIGH | — | 0 |
| CVE-2019-25511 Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid paramet... | 8.2 | HIGH | — | 0 |
| CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25509 XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET r... | 8.2 | HIGH | — | 0 |
| CVE-2019-25508 Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter.... | 8.2 | HIGH | — | 0 |
| CVE-2019-25488 Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attac... | 8.2 | HIGH | — | 0 |
| CVE-2019-25482 Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kateg... | 8.2 | HIGH | — | 0 |
| CVE-2019-25481 iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Atta... | 8.2 | HIGH | — | 0 |
| CVE-2019-25479 Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25473 Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests... | 7.1 | HIGH | — | 0 |
| CVE-2026-4042 A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index cause... | 8.8 | HIGH | — | 0 |
| CVE-2026-4041 A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buf... | 8.8 | HIGH | — | 0 |
| CVE-2026-28384 An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the... | N/A | NONE | — | 0 |
| CVE-2026-21671 A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-21670 A vulnerability allowing a low-privileged user to extract saved SSH credentials. | 7.7 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.