Export limit exceeded: 340530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 340530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18332 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5840 | 1 Abarcar | 1 Abarcar Realty Portal | 2026-03-13 | N/A |
| Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version | ||||
| CVE-2026-32127 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-13 | 8.8 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax graphs library. This vulnerability is fixed in 8.0.0.1. | ||||
| CVE-2019-25494 | 1 Doditsolutions | 2 Airbnb Clone Script, Homey Bnb (airbnb Clone Script) | 2026-03-13 | 8.2 High |
| Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the authentication query and gain unauthorized access to the admin panel. | ||||
| CVE-2025-49784 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer-bigdata, Fortianalyzer Big Data | 2026-03-12 | 5.6 Medium |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | ||||
| CVE-2020-37057 | 2 Nayem-howlader, Sunnygkp10 | 3 Online Exam System, Online-exam-system, Online-exam-system- | 2026-03-12 | 8.2 High |
| Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. | ||||
| CVE-2020-37051 | 2 Nayem-howlader, Sunnygkp10 | 3 Online Exam System, Online-exam-system, Online-exam-system- | 2026-03-12 | 8.2 High |
| Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters. | ||||
| CVE-2025-45809 | 1 Litellm | 1 Litellm | 2026-03-12 | 5.4 Medium |
| SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints. | ||||
| CVE-2026-3740 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-12 | 7.3 High |
| A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more | 2026-03-12 | 7.5 High |
| IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | ||||
| CVE-2026-3730 | 1 Itsourcecode | 1 Free Hotel Reservation System | 2026-03-11 | 7.3 High |
| A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3736 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-11 | 7.3 High |
| A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3735 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-03-11 | 7.3 High |
| A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3747 | 2 Angeljudesuarez, Itsourcecode | 2 University Management System, University Management System | 2026-03-11 | 7.3 High |
| A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3746 | 2 Oretnom23, Sourcecodester | 2 Simple Responsive Tourism Website, Simple Responsive Tourism Website | 2026-03-11 | 7.3 High |
| A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3745 | 2 Carmelo, Code-projects | 2 Student Web Portal, Student Web Portal | 2026-03-11 | 6.3 Medium |
| A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3744 | 2 Carmelo, Code-projects | 2 Student Web Portal, Student Web Portal | 2026-03-11 | 7.3 High |
| A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3751 | 2 Oretnom23, Sourcecodester | 2 Employee Task Management System, Employee Task Management System | 2026-03-11 | 4.7 Medium |
| A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-3752 | 2 Oretnom23, Sourcecodester | 2 Employee Task Management System, Employee Task Management System | 2026-03-11 | 4.7 Medium |
| A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3757 | 1 Projectworlds | 1 Online Art Gallery Shop | 2026-03-11 | 7.3 High |
| A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3756 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-03-11 | 6.3 Medium |
| A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||