Export limit exceeded: 18436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12984 | 2 Monetizemore, Wordpress | 2 Advanced Ads, Wordpress | 2026-01-26 | 4.9 Medium |
| The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2021-47846 | 1 Iwantsourcecodes | 1 Digital Crime Report Management System | 2026-01-26 | 8.2 High |
| Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints. | ||||
| CVE-2021-47848 | 1 Satndy | 1 Aplikasi-biro-travel | 2026-01-26 | 8.2 High |
| Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access. | ||||
| CVE-2025-52694 | 1 Advantech | 7 Iot Edge Linux Docker, Iot Edge Products, Iot Edge Windows and 4 more | 2026-01-26 | 10 Critical |
| Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately. | ||||
| CVE-2025-0103 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | 8.8 High |
| An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | ||||
| CVE-2024-7930 | 2 Oretnom23, Sourcecodester | 2 Clinic\'s Patient Management System, Clinics Patient Management System | 2026-01-23 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7871 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2026-01-23 | 8.8 High |
| SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. | ||||
| CVE-2023-7123 | 1 Oretnom23 | 1 Medicine Tracker System | 2026-01-23 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php? f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. | ||||
| CVE-2022-47151 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-01-23 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
| CVE-2020-25760 | 1 Projectworlds | 1 Visitor Management System | 2026-01-23 | 8.8 High |
| Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | ||||
| CVE-2024-7841 | 2 Oretnom23, Sourcecodester | 2 Clinic\'s Patient Management System, Clinics Patient Management System | 2026-01-23 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-67081 | 1 Itflow | 1 Itflow | 2026-01-23 | 4.9 Medium |
| An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing on integer parameter. | ||||
| CVE-2025-51626 | 1 Xiaoliuchu | 1 Pss.sale.com | 2026-01-22 | 6.5 Medium |
| SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. | ||||
| CVE-2025-67281 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | 5.4 Medium |
| In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content. | ||||
| CVE-2022-50892 | 1 Viaviweb | 1 Wallpaper Admin | 2026-01-22 | 8.2 High |
| VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. | ||||
| CVE-2025-59389 | 1 Qnap | 1 Hyper Data Protector | 2026-01-22 | 9.8 Critical |
| An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later | ||||
| CVE-2025-67082 | 1 Invoiceplane | 1 Invoiceplane | 2026-01-22 | 6.5 Medium |
| An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing of single quotes. | ||||
| CVE-2025-70892 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | 9.8 Critical |
| Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint. | ||||
| CVE-2025-70893 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | 8.8 High |
| A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions. | ||||
| CVE-2025-61943 | 1 Aveva | 2 Historian, Process Optimization | 2026-01-22 | 8.4 High |
| The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server. | ||||