Export limit exceeded: 18913 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28346 | 3 Debian, Djangoproject, Redhat | 7 Debian Linux, Django, Ansible Automation Platform and 4 more | 2025-02-13 | 9.8 Critical |
| An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | ||||
| CVE-2023-26856 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-02-13 | 7.2 High |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. | ||||
| CVE-2023-26750 | 1 Yiiframework | 1 Yii | 2025-02-13 | 9.8 Critical |
| SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework. | ||||
| CVE-2015-9457 | 1 Caseproof | 1 Prettylinks | 2025-02-13 | 7.2 High |
| The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. | ||||
| CVE-2024-36779 | 1 Stock Management System Project | 1 Stock Management System | 2025-02-13 | 9.8 Critical |
| Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. | ||||
| CVE-2024-36673 | 1 Pharmacy\/medical Store Point Of Sale System Project | 1 Pharmacy\/medical Store Point Of Sale System | 2025-02-13 | 9.8 Critical |
| Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries. | ||||
| CVE-2024-35563 | 1 Cdg | 1 Server | 2025-02-13 | 9.8 Critical |
| CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions. | ||||
| CVE-2024-35548 | 2025-02-13 | 5.4 Medium | ||
| A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | ||||
| CVE-2024-35361 | 1 Mtab | 1 Bookmark | 2025-02-13 | 9.8 Critical |
| MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights. | ||||
| CVE-2024-35359 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-02-13 | 5.4 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35349 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-02-13 | 9.8 Critical |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-34310 | 1 Bjjfsd | 1 Jin Fang Times Content Management System | 2025-02-13 | 8.8 High |
| Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. | ||||
| CVE-2024-30801 | 1 Beijing Xinwang Medical Information Technology | 1 Cloud Based Customer Service Management Platform | 2025-02-13 | 5.5 Medium |
| SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. | ||||
| CVE-2022-28132 | 1 T-soft | 1 E-commerce | 2025-02-13 | 7.2 High |
| The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data. | ||||
| CVE-2012-5664 | 2025-02-13 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-55212 | 2025-02-12 | 6.5 Medium | ||
| DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. | ||||
| CVE-2025-1116 | 2025-02-12 | 7.3 High | ||
| A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searchresults. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0943 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-12 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file deldoc.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0944 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-12 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0945 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||