Export limit exceeded: 364871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2689 | 2 Admerc, Itsourcecode | 2 Event Management System, Event Management System | 2026-04-18 | 7.3 High |
| A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-3200 | 1 Z-9527 | 1 Admin | 2026-04-18 | 7.3 High |
| A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2584 | 1 Ciser System | 1 Csip Firmware | 2026-04-18 | N/A |
| A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L). | ||||
| CVE-2026-26891 | 2 Oretnom23, Sourcecodester | 2 Simple Logistic Hub Parcel\'s Management System, Logistic Hub Parcels Management System | 2026-04-18 | 2.7 Low |
| Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | ||||
| CVE-2019-25693 | 2 Montala, Resourcespace | 2 Resourcespace, Resourcespace | 2026-04-18 | 7.1 High |
| ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data. | ||||
| CVE-2026-37339 | 1 Sourcecodester | 1 Simple Music Cloud Community System | 2026-04-18 | 9.8 Critical |
| SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php. | ||||
| CVE-2026-37340 | 1 Sourcecodester | 1 Simple Music Cloud Community System | 2026-04-18 | 9.8 Critical |
| SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php. | ||||
| CVE-2026-37342 | 1 Sourcecodester | 1 Vehicle Parking Area Management System | 2026-04-18 | 7.2 High |
| SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php. | ||||
| CVE-2026-0592 | 2 Code-projects, Fabian | 2 Online Product Reservation System, Online Product Reservation System | 2026-04-18 | 7.3 High |
| A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component User Registration Handler. Performing a manipulation of the argument fname/lname/address/city/province/country/zip/tel_no/email/username results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-0697 | 2 Carmelo, Code-projects | 2 Intern Membership Management System, Intern Membership Management System | 2026-04-18 | 4.7 Medium |
| A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-0699 | 2 Carmelo, Code-projects | 2 Intern Membership Management System, Intern Membership Management System | 2026-04-18 | 4.7 Medium |
| A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-0700 | 2 Carmelo, Code-projects | 2 Intern Membership Management System, Intern Membership Management System | 2026-04-18 | 7.3 High |
| A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-0733 | 1 Phpgurukul | 1 Online Course Registration System | 2026-04-18 | 6.3 Medium |
| A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-0850 | 2 Carmelo, Code-projects | 2 Intern Membership Management System, Intern Membership Management System | 2026-04-18 | 4.7 Medium |
| A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-0851 | 2 Code-projects, Fabian | 2 Online Music Site, Online Music Site | 2026-04-18 | 7.3 High |
| A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-1105 | 1 Easycms | 1 Easycms | 2026-04-18 | 7.3 High |
| A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1121 | 1 Yonyou | 1 Ksoa | 2026-04-18 | 7.3 High |
| A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1129 | 1 Yonyou | 1 Ksoa | 2026-04-18 | 7.3 High |
| A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-1132 | 1 Yonyou | 1 Ksoa | 2026-04-18 | 7.3 High |
| A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-0610 | 1 Devolutions | 1 Devolutions Server | 2026-04-18 | 9.8 Critical |
| SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 | ||||