Export limit exceeded: 18937 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12342 | 1 Serdar Bayram | 1 Ghost Hot Spot | 2026-04-15 | 7.3 High |
| A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12277 | 1 Abdullah-hasan-sajjad | 1 Online-school | 2026-04-15 | 7.3 High |
| A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument Email causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67987 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-15 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1. | ||||
| CVE-2024-13174 | 1 E1 Informatics | 1 Web Application | 2026-04-15 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E1 Informatics Web Application allows SQL Injection.This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-2074 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability. | ||||
| CVE-2024-34992 | 2026-04-15 | 8.8 High | ||
| SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()' | ||||
| CVE-2024-13149 | 1 Arma Store | 1 Armalife | 2026-04-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection.This issue affects Armalife: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | ||||
| CVE-2024-13147 | 2026-04-15 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login Panel: before 15.01.2025. | ||||
| CVE-2025-7636 | 1 Ergosis Security Systems Computer Industry And Trade Inc. | 1 Zeus Pdks | 2026-04-15 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issue affects ZEUS PDKS: from <1.0.5.10 through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-59816 | 1 Zenitel | 2 Icx500, Icx510 | 2026-04-15 | 7.3 High |
| This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue. | ||||
| CVE-2025-59814 | 1 Zenitel | 2 Icx500, Icx510 | 2026-04-15 | 8.8 High |
| This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database. | ||||
| CVE-2022-4984 | 1 Easycorp | 3 Zentao Biz, Zentao Max, Zentao Open Source Edition | 2026-04-15 | N/A |
| ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database query. A remote unauthenticated attacker can exploit this issue to execute crafted SQL expressions and retrieve sensitive information from the backend database, including user and application data. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-07 UTC. | ||||
| CVE-2025-59397 | 1 Openwebanalytics | 1 Open Web Analytics | 2026-04-15 | 5 Medium |
| Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection. | ||||
| CVE-2025-55065 | 2026-04-15 | 7.5 High | ||
| CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2025-22954 | 1 Koha | 1 Koha | 2026-04-15 | 10 Critical |
| GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. | ||||
| CVE-2024-8503 | 1 Vicidial | 1 Vicidial | 2026-04-15 | 9.8 Critical |
| An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. | ||||
| CVE-2025-53122 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | ||||
| CVE-2025-50868 | 2026-04-15 | 6.5 Medium | ||
| A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries. | ||||
| CVE-2025-57423 | 1 Myclub | 1 Myclub | 2026-04-15 | 6.5 Medium |
| A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database. | ||||
| CVE-2025-50567 | 1 Saurus | 1 Saurus Cms | 2026-04-15 | 10 Critical |
| Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution. | ||||