Critical Vulnerabilities with Public Exploits
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
CVE-2017-15987
9.8
CRITICAL
1 PoC
EPSS 0.01
Fake Magazine Cover Script - SQL Injection
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
CWE-89
Oct 31, 2017
CVE-2017-15986
9.8
CRITICAL
1 PoC
EPSS 0.01
Cpa Lead Reward Script - SQL Injection
CPA Lead Reward Script allows SQL Injection via the username parameter.
CWE-89
Oct 31, 2017
CVE-2017-15985
9.8
CRITICAL
1 PoC
EPSS 0.01
Readymadeb2bscript Basic B2b Script - SQL Injection
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CWE-89
Oct 31, 2017
CVE-2017-15984
9.8
CRITICAL
1 PoC
EPSS 0.01
Bekirk Creative Management System Lite - SQL Injection
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
CWE-89
Oct 31, 2017
CVE-2017-15983
9.8
CRITICAL
1 PoC
EPSS 0.01
Geniusocean Mymagazine Magazine & Blog Cms - SQL Injection
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CWE-89
Oct 31, 2017
CVE-2017-15982
9.8
CRITICAL
1 PoC
EPSS 0.01
Geniusocean News - SQL Injection
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CWE-89
Oct 31, 2017
CVE-2017-15981
9.8
CRITICAL
1 PoC
EPSS 0.01
Geniusocean Newspaper - SQL Injection
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CWE-89
Oct 31, 2017
CVE-2017-15980
9.8
CRITICAL
1 PoC
EPSS 0.01
Rowindex US Zip Codes Database Script - SQL Injection
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CWE-89
Oct 31, 2017
CVE-2017-15979
9.8
CRITICAL
1 PoC
EPSS 0.01
Odallated Shareet - SQL Injection
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
CWE-89
Oct 31, 2017
CVE-2017-15978
9.8
CRITICAL
1 PoC
EPSS 0.01
Arox School Erp Php Script - SQL Injection
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CWE-89
Oct 31, 2017
CVE-2017-15977
9.8
CRITICAL
1 PoC
EPSS 0.01
Protectedlinks Expiring Download Links - SQL Injection
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CWE-89
Oct 31, 2017
CVE-2017-15976
9.8
CRITICAL
1 PoC
EPSS 0.03
Zeescripts Zeebuddy - SQL Injection
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CWE-89
Oct 29, 2017
CVE-2017-15975
9.8
CRITICAL
1 PoC
EPSS 0.03
Vastal Dating Zone - SQL Injection
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CWE-89
Oct 29, 2017
CVE-2017-15974
9.8
CRITICAL
1 PoC
EPSS 0.04
Datacomponents Tpanel - SQL Injection
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CWE-89
Oct 29, 2017
CVE-2017-15973
9.8
CRITICAL
1 PoC
EPSS 0.02
Sokial - SQL Injection
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CWE-89
Oct 29, 2017
CVE-2017-15972
9.8
CRITICAL
1 PoC
EPSS 0.02
Softdatepro Dating Software - SQL Injection
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
CWE-89
Oct 29, 2017
CVE-2017-15971
9.8
CRITICAL
1 PoC
EPSS 0.02
Softdatepro Same Date Pro - SQL Injection
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CWE-89
Oct 29, 2017
CVE-2017-15970
9.8
CRITICAL
1 PoC
EPSS 0.03
Phpcityportal - SQL Injection
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CWE-89
Oct 29, 2017
CVE-2017-15969
9.8
CRITICAL
1 PoC
EPSS 0.02
Pilotgroup Allsharevideo - SQL Injection
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CWE-89
Oct 29, 2017
CVE-2017-15968
9.8
CRITICAL
1 PoC
EPSS 0.02
Contractorscripts Mybuildersite - SQL Injection
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CWE-89
Oct 29, 2017