Search Results (18609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60265 | 2 Bestfeng, Xckk | 2 Xckk, Xckk | 2025-10-16 | 6.5 Medium |
| In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability. | ||||
| CVE-2025-60311 | 1 Projectworlds | 2 Gym Management System, Gym Management System Project | 2025-10-16 | 8.8 High |
| ProjectWorlds Gym Management System 1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page. | ||||
| CVE-2025-60266 | 2 Bestfeng, Xckk | 2 Xckk, Xckk | 2025-10-16 | 6.5 Medium |
| In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability. | ||||
| CVE-2025-60267 | 2 Bestfeng, Xckk | 2 Xckk, Xckk | 2025-10-16 | 6.5 Medium |
| In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability. | ||||
| CVE-2025-60316 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-10-16 | 9.4 Critical |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter. | ||||
| CVE-2025-1958 | 1 Aaluoxiang | 1 Oa System | 2025-10-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in aaluoxiang oa_system 1.0. This issue affects some unknown processing of the file src/main/resources/mappers/address-mapper.xml. The manipulation of the argument outtype leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-40711 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF. | ||||
| CVE-2025-40712 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura. | ||||
| CVE-2025-40713 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in /<Client>FacturaE/BusquedasFacturasSesion. | ||||
| CVE-2025-40714 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp. | ||||
| CVE-2025-3846 | 1 Markparticle | 1 Webserver | 2025-10-15 | 7.3 High |
| A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3847 | 1 Markparticle | 1 Webserver | 2025-10-15 | 7.3 High |
| A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3856 | 1 Xxyopen | 1 Novel-plus | 2025-10-15 | 6.3 Medium |
| A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2722 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2723 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2724 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2025-46011 | 1 Nadh | 1 Listmonk | 2025-10-15 | 6.5 Medium |
| Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges. | ||||
| CVE-2025-10808 | 1 Campcodes | 1 Farm Management System | 2025-10-15 | 7.3 High |
| A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10098 | 1 Phpgurukul | 1 User Management System | 2025-10-15 | 6.3 Medium |
| A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | ||||
| CVE-2024-4257 | 1 Bluenettechnology | 1 Clinical Browsing System | 2025-10-15 | 6.3 Medium |
| A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability. | ||||