Search Results (18708 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46806 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A |
| An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | ||||
| CVE-2024-0289 | 1 Kashipara | 1 Food Management System | 2025-06-13 | 6.3 Medium |
| A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-46807 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A |
| An SQL Injection vulnerability in a web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | ||||
| CVE-2024-0471 | 1 Code-projects | 1 Human Resource Integrated System | 2025-06-13 | 6.3 Medium |
| A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576. | ||||
| CVE-2024-1012 | 1 Whir | 1 Ezoffice | 2025-06-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability. | ||||
| CVE-2025-26241 | 1 Osticket | 1 Osticket | 2025-06-13 | 6.5 Medium |
| A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | ||||
| CVE-2025-45542 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | 7.3 High |
| SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | ||||
| CVE-2024-57459 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | 7.3 High |
| A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | ||||
| CVE-2023-0224 | 1 Givewp | 1 Givewp | 2025-06-13 | 9.8 Critical |
| The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks. | ||||
| CVE-2023-50395 | 1 Solarwinds | 1 Solarwinds Platform | 2025-06-13 | 8 High |
| SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | ||||
| CVE-2025-44830 | 1 Engineercms Project | 1 Engineercms | 2025-06-13 | 9.8 Critical |
| EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. | ||||
| CVE-2023-29881 | 1 Phpok | 1 Phpok | 2025-06-13 | 6.5 Medium |
| phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. | ||||
| CVE-2024-40560 | 2 Mini Tmall Project, Project Team | 2 Tmall Demo, Tmall Demo | 2025-06-13 | 7.3 High |
| Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. | ||||
| CVE-2025-25426 | 1 Guchengwuyue | 1 Yshopmall | 2025-06-12 | 7.2 High |
| yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. | ||||
| CVE-2025-26047 | 1 Olajowon | 1 Loggrove | 2025-06-12 | 5.1 Medium |
| Loggrove v1.0 is vulnerable to SQL Injection in the read.py file. | ||||
| CVE-2025-45240 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 6.5 Medium |
| foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. | ||||
| CVE-2025-44073 | 1 Seacms | 1 Seacms | 2025-06-12 | 9.8 Critical |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. | ||||
| CVE-2024-11269 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | 7.2 High |
| The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing an Admin to perform SQL injection attacks. | ||||
| CVE-2024-11267 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-12 | 8.8 High |
| The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing a user with the Contributor role to perform SQL injection attacks. | ||||
| CVE-2025-47785 | 1 Emlog | 1 Emlog | 2025-06-12 | 8.3 High |
| Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | ||||