Export limit exceeded: 18882 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25197 | 1 Playjoom | 1 Playjoom | 2026-03-09 | 8.2 High |
| PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2018-25196 | 1 Serverzilla | 1 Serverzilla | 2026-03-09 | 8.2 High |
| ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authentication and extract sensitive database information. | ||||
| CVE-2025-66678 | 1 Faintsnow | 2 Hardware Read \& Write Utility, Nil Hardware Editor Hardware Read & Write Utility | 2026-03-09 | 9.8 Critical |
| An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request. | ||||
| CVE-2025-66944 | 2 Databasir, Vran-dev | 2 Databasir, Databaseir | 2026-03-09 | 9.8 Critical |
| SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint | ||||
| CVE-2018-25161 | 1 Warrantytrack | 1 Warranty Tracking System | 2026-03-09 | 8.2 High |
| Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details. | ||||
| CVE-2018-25173 | 1 Sms | 1 Rmedia Sms | 2026-03-09 | 8.2 High |
| Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retrieve schema names and sensitive database data. | ||||
| CVE-2018-25175 | 1 Alienor | 1 Alienor Web Libre | 2026-03-09 | 8.2 High |
| Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifiant field to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2025-15344 | 1 Tanium | 2 Asset, Service Asset | 2026-03-09 | 6.3 Medium |
| Tanium addressed a SQL injection vulnerability in Asset. | ||||
| CVE-2025-7631 | 1 Tumeva Internet Technologies Software Information Advertising And Consulting Services Trade Ltd. Co. | 1 Tumeva News Software | 2026-03-09 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva Prime News Software allows SQL Injection.This issue affects Tumeva Prime News Software: from v.1.0.1 before v1.0.2. | ||||
| CVE-2025-15127 | 1 Fantasticlbp | 1 Hotels Server | 2026-03-08 | 7.3 High |
| A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-31869 | 1 Pimcore | 1 Pimcore | 2026-03-06 | 6.5 Medium |
| Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. | ||||
| CVE-2020-24932 | 1 Razormist | 1 Complaint Management System | 2026-03-06 | 9.8 Critical |
| An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. | ||||
| CVE-2023-0600 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 9.8 Critical |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. | ||||
| CVE-2022-33965 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 9.3 Critical |
| Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | ||||
| CVE-2021-24750 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 8.8 High |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks | ||||
| CVE-2022-0410 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 8.8 High |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection | ||||
| CVE-2025-48650 | 1 Google | 1 Android | 2026-03-06 | 8.4 High |
| In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48544 | 1 Google | 1 Android | 2026-03-06 | 7.8 High |
| In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2021-35484 | 1 Nokia | 1 Impact | 2026-03-05 | 8.2 High |
| Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information. | ||||
| CVE-2025-70821 | 2 Renren, Renrenio | 2 Renren-security, Renren-security | 2026-03-05 | 9.8 Critical |
| renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component | ||||