Export limit exceeded: 19074 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19074 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9446 | 1 Sourcecodester | 1 Simple Pos And Inventory System | 2026-05-25 | 4.7 Medium |
| A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit_customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-9444 | 1 Sourcecodester | 1 Simple Pos And Inventory System | 2026-05-25 | 4.7 Medium |
| A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-9411 | 1 Sourcecodester | 1 Indian Invoicing System | 2026-05-25 | 6.3 Medium |
| A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer_name/category results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-42167 | 1 Proftpd | 1 Proftpd | 2026-05-24 | 8.1 High |
| mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM). | ||||
| CVE-2026-9383 | 1 Itsourcecode | 1 Electronic Judging System | 2026-05-24 | 7.3 High |
| A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-9364 | 1 Projectworlds | 1 Online Art Gallery Shop | 2026-05-24 | 7.3 High |
| A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument social_linked can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2026-9356 | 1 Sourcecodester | 1 Hospitals Patient Records Management System | 2026-05-24 | 7.3 High |
| A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage_history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-9355 | 1 Sourcecodester | 1 Hospitals Patient Records Management System | 2026-05-24 | 7.3 High |
| A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-9342 | 1 Sourcecodester | 1 Hospitals Patient Records Management System | 2026-05-23 | 6.3 Medium |
| A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/view_history.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2018-25346 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-05-23 | 7.1 High |
| WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database. | ||||
| CVE-2018-25347 | 2 Web-dorado, Wordpress | 2 Contact Form Maker, Wordpress | 2026-05-23 | 7.1 High |
| WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_fmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'search_labels' parameters to extract sensitive database information or escalate privileges. | ||||
| CVE-2018-25352 | 1 Accesspressthemes | 1 Ultimate-form-builder-lite | 2026-05-23 | 7.1 High |
| WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database. | ||||
| CVE-2018-25351 | 1 Harmistechnology | 1 Ek Rishta | 2026-05-23 | 8.2 High |
| Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details. | ||||
| CVE-2018-25348 | 1 Harmistechnology | 1 Ek Rishta | 2026-05-23 | 8.2 High |
| Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the user_detail view with malicious cid values containing SQL commands to extract sensitive database information. | ||||
| CVE-2018-25342 | 2026-05-23 | 8.2 High | ||
| Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract sensitive database information including product details and system data. | ||||
| CVE-2018-25341 | 2026-05-23 | 8.2 High | ||
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names. | ||||
| CVE-2018-25340 | 2026-05-23 | 8.2 High | ||
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data. | ||||
| CVE-2026-9305 | 1 Quantumnous | 1 New-api | 2026-05-23 | 6.3 Medium |
| A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-41075 | 2026-05-22 | 8.8 High | ||
| RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them to read or modify data in the RT database. This issue has been fixed in versions 5.0.10 and 6.0.3. If developers are unable to upgrade immediately, they can temporarily work around this issue by restricting RT account access to trusted users. | ||||
| CVE-2026-9082 | 1 Drupal | 1 Drupal Core | 2026-05-22 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10. | ||||