Export limit exceeded: 18892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-37347 | 1 Sourcecodester | 1 Payroll Management And Information System | 2026-04-17 | 9.1 Critical |
| SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. | ||||
| CVE-2026-37338 | 1 Sourcecodester | 1 Simple Music Cloud Community System | 2026-04-17 | 9.4 Critical |
| SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. | ||||
| CVE-2026-27497 | 1 N8n | 1 N8n | 2026-04-17 | 8.8 High |
| n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. | ||||
| CVE-2026-1198 | 1 Simple Sa | 1 Simple.erp | 2026-04-17 | N/A |
| SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed. This issue was fixed in 6.30@A04.4_u06. | ||||
| CVE-2026-27149 | 1 Discourse | 1 Discourse | 2026-04-17 | 6.5 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering (`list_private_messages_tag`) allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-3261 | 1 Itsourcecode | 1 School Management System | 2026-04-17 | 7.3 High |
| A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2019-25710 | 1 Dolibarr | 2 Dolibarr Erp/crm, Dolibarr Erp\/crm | 2026-04-17 | 8.2 High |
| Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using error-based SQL injection techniques. | ||||
| CVE-2026-3292 | 1 Jizhicms | 1 Jizhicms | 2026-04-17 | 6.3 Medium |
| A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25713 | 2 Myt, Myt Project | 2 Project Management, Myt | 2026-04-17 | 7.1 High |
| MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data. | ||||
| CVE-2026-28516 | 1 Opendcim | 1 Opendcim | 2026-04-17 | 8.8 High |
| openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input sanitation. An authenticated user can execute arbitrary SQL statements against the underlying database. | ||||
| CVE-2026-28562 | 2 Gvectors, Wordpress | 2 Wpforo Forum, Wordpress | 2026-04-17 | 8.2 High |
| wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials from the WordPress database. | ||||
| CVE-2026-26709 | 2 Carmelo, Code-projects | 2 Simple Gym Management System, Simple Gym Management System | 2026-04-17 | 9.8 Critical |
| code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php. | ||||
| CVE-2026-26695 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-17 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php. | ||||
| CVE-2026-26703 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-04-17 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | ||||
| CVE-2026-26700 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-04-17 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | ||||
| CVE-2026-26702 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-04-17 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | ||||
| CVE-2026-26704 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-04-17 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. | ||||
| CVE-2026-26708 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-04-17 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. | ||||
| CVE-2026-26705 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-04-17 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. | ||||
| CVE-2026-26698 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-17 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | ||||