Export limit exceeded: 18364 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18364 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26694 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php. | ||||
| CVE-2026-26698 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | ||||
| CVE-2026-26697 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | ||||
| CVE-2025-50190 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 9.8 Critical |
| Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50191 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 7.2 High |
| Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50192 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 9.8 Critical |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50189 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 8.8 High |
| Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50188 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 7.2 High |
| Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30. | ||||
| CVE-2026-28399 | 1 Nocodb | 1 Nocodb | 2026-03-03 | 8.8 High |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-26696 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php. | ||||
| CVE-2026-3057 | 1 A54552239 | 1 Pearprojectapi | 2026-03-03 | 6.3 Medium |
| A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-39027 | 1 Seacms | 1 Seacms | 2026-03-03 | 7.5 High |
| SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. | ||||
| CVE-2026-2682 | 2 Tsinghua Unigroup, Unigroup | 2 Electronic Archives System, Electronic Archives System | 2026-03-03 | 6.3 Medium |
| A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). Impacted is an unknown function of the file /mine/PublicReport/prinReport.html?token=java. Such manipulation of the argument comid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-26713 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | ||||
| CVE-2026-26712 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | ||||
| CVE-2026-26711 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | ||||
| CVE-2026-26710 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-03-03 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | ||||
| CVE-2026-26708 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. | ||||
| CVE-2026-26704 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. | ||||
| CVE-2026-26705 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-03-03 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. | ||||