Export limit exceeded: 18952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18952 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25914 | 1 Carmelo | 1 Online Exam Mastering System | 2025-04-08 | 9.8 Critical |
| SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter | ||||
| CVE-2024-25428 | 1 Mrcms | 1 Mrcms | 2025-04-08 | 6.5 Medium |
| SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. | ||||
| CVE-2025-2385 | 1 Code-projects | 1 Modern Bag | 2025-04-07 | 7.3 High |
| A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument userEmail/userPassword leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-48090 | 1 Hotel Management System Project | 1 Hotel Management System | 2025-04-07 | 6.5 Medium |
| Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. | ||||
| CVE-2022-46956 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-07 | 7.2 High |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | ||||
| CVE-2022-46955 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-07 | 9.8 Critical |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. | ||||
| CVE-2022-46953 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-07 | 7.2 High |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. | ||||
| CVE-2022-46950 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-07 | 7.2 High |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. | ||||
| CVE-2022-46093 | 1 Hospital Management System Project | 1 Hospital Management System | 2025-04-07 | 8.2 High |
| Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. | ||||
| CVE-2023-22959 | 1 Webchess Project | 1 Webchess | 2025-04-07 | 8.8 High |
| WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName). | ||||
| CVE-2022-46954 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-07 | 9.8 Critical |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. | ||||
| CVE-2022-46949 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-07 | 7.2 High |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. | ||||
| CVE-2022-46947 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-07 | 7.2 High |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | ||||
| CVE-2022-46946 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-07 | 7.2 High |
| Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. | ||||
| CVE-2022-46502 | 1 Online Student Enrollment System Project | 1 Online Student Enrollment System | 2025-04-07 | 9.8 Critical |
| Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | ||||
| CVE-2022-46471 | 1 Online Health Care System Project | 1 Online Health Care System | 2025-04-07 | 9.8 Critical |
| Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | ||||
| CVE-2025-0298 | 1 Code-projects | 1 Online Book Shop | 2025-04-07 | 6.3 Medium |
| A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0299 | 1 Code-projects | 1 Online Book Shop | 2025-04-07 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3265 | 1 Phpgurukul | 1 E-diary Management System | 2025-04-07 | 7.3 High |
| A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-category.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3267 | 1 Qinguoyi | 1 Tinywebserver | 2025-04-07 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||