Export limit exceeded: 348911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18922 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8903 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | ||||
| CVE-2015-7448 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | ||||
| CVE-2016-1000118 | 1 Huge-it | 1 Slideshow | 2025-04-12 | N/A |
| XSS & SQLi in HugeIT slideshow v1.0.4 | ||||
| CVE-2016-1000119 | 1 Huge-it | 1 Catalog | 2025-04-12 | N/A |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | ||||
| CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2025-04-12 | N/A |
| SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | ||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2025-04-12 | N/A |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | ||||
| CVE-2016-1000123 | 1 Huge-it | 1 Video Gallery | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | ||||
| CVE-2016-1000124 | 1 Huge-it | 1 Portfolio Gallery | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | ||||
| CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2025-04-12 | N/A |
| Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | ||||
| CVE-2022-44137 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-11 | 7.2 High |
| SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. | ||||
| CVE-2025-25877 | 1 Angeljudesuarez | 1 Simple Chatbox | 2025-04-11 | 3.8 Low |
| A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data. | ||||
| CVE-2025-1381 | 1 Code-projects | 1 Real Estate Property Management System | 2025-04-11 | 6.3 Medium |
| A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25686 | 1 Sem-cms | 1 Semcms | 2025-04-11 | 9.8 Critical |
| semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. | ||||
| CVE-2025-2831 | 1 Mingyuefusu | 1 Library Management System | 2025-04-11 | 6.3 Medium |
| A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-35354 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 9.8 Critical |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection. | ||||