Export limit exceeded: 18878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18878 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30520 | 2 Oretnom23, Sourcecodester | 2 Loan Management System, Loan Management System | 2026-04-07 | 5.4 Medium |
| A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | ||||
| CVE-2026-32714 | 1 Scitokens | 2 Scitokens, Scitokens Library | 2026-04-07 | 9.8 Critical |
| SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (such as issuer and key_id). This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. This issue has been patched in version 1.9.6. | ||||
| CVE-2026-30273 | 2 Gabrieleventuri, Sinaptik-ai | 2 Pandasai, Pandas-ai | 2026-04-07 | 7.3 High |
| pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component. | ||||
| CVE-2026-5334 | 1 Itsourcecode | 1 Online Enrollment System | 2026-04-07 | 7.3 High |
| A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-57149 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 6.5 Medium |
| phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter. | ||||
| CVE-2025-57147 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 7.5 High |
| A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php. | ||||
| CVE-2025-57146 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 8.1 High |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. | ||||
| CVE-2007-6125 | 1 Softbizscripts | 1 Freelancers Script | 2026-04-06 | N/A |
| SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | ||||
| CVE-2005-3817 | 1 Softbizscripts | 1 Web Hosting Directory Script | 2026-04-06 | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | ||||
| CVE-2007-5449 | 1 Softbizscripts | 1 Recipes Portal Script | 2026-04-06 | N/A |
| SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. | ||||
| CVE-2009-2790 | 1 Softbizscripts | 1 Dating Script | 2026-04-06 | N/A |
| SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4. | ||||
| CVE-2008-2087 | 1 Softbizscripts | 1 Web Hosting Directory Script | 2026-04-06 | N/A |
| SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. | ||||
| CVE-2008-1050 | 1 Softbizscripts | 1 Jokes And Funny Pictures Script | 2026-04-06 | N/A |
| SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. | ||||
| CVE-2026-4579 | 1 Code-projects | 1 Simple Laundry System | 2026-04-03 | 7.3 High |
| A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-4580 | 1 Code-projects | 1 Simple Laundry System | 2026-04-03 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4784 | 1 Code-projects | 1 Simple Laundry System | 2026-04-03 | 7.3 High |
| A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4850 | 1 Code-projects | 1 Simple Laundry System | 2026-04-03 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-4908 | 1 Code-projects | 1 Simple Laundry System | 2026-04-03 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-34220 | 1 Mikro-orm | 2 Mikro-orm, Mikroorm | 2026-04-03 | 9.8 Critical |
| MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6. | ||||
| CVE-2026-5256 | 1 Code-projects | 1 Simple Laundry System | 2026-04-03 | 7.3 High |
| A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||