Export limit exceeded: 18777 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18777 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41521 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | 8.8 High |
| Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters. | ||||
| CVE-2023-41522 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | 8.8 High |
| Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters. | ||||
| CVE-2023-41523 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | 8.8 High |
| Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php. | ||||
| CVE-2023-41524 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | 8.8 High |
| Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php. | ||||
| CVE-2025-8811 | 1 Code-projects | 1 Simple Art Gallery | 2025-08-13 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44906 | 1 Uptrace | 1 Pgdriver | 2025-08-13 | 6.5 Medium |
| uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15. | ||||
| CVE-2023-35720 | 1 Asus | 2 Rt-ax92u, Rt-ax92u Firmware | 2025-08-12 | N/A |
| ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078. | ||||
| CVE-2025-30507 | 1 Cyberdata | 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware | 2025-08-12 | 5.3 Medium |
| CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections. | ||||
| CVE-2023-41530 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | ||||
| CVE-2023-41525 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | ||||
| CVE-2023-41526 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. | ||||
| CVE-2023-41531 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 8.8 High |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. | ||||
| CVE-2023-41528 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. | ||||
| CVE-2025-54396 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 5.4 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. | ||||
| CVE-2025-50468 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 6.5 Medium |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query. | ||||
| CVE-2025-50465 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 7.1 High |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query. | ||||
| CVE-2025-50467 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 6.5 Medium |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query. | ||||
| CVE-2025-50466 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 7.1 High |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query. | ||||
| CVE-2023-41532 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 8.8 High |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. | ||||
| CVE-2023-41527 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. | ||||