Export limit exceeded: 18778 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18778 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2161 | 2 Clive 21, Itsourcecode | 2 Directory Management System, Directory Management System | 2026-04-17 | 7.3 High |
| A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-2171 | 2 Code-projects, Fabian | 2 Online Student Management System, Online Student Management System | 2026-04-17 | 7.3 High |
| A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-2172 | 2 Code-projects, Fabian | 2 Online Application System For Admission, Online Application System For Admission | 2026-04-17 | 7.3 High |
| A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-2173 | 2 Code-projects, Fabian | 2 Online Examination System, Online Examination System | 2026-04-17 | 7.3 High |
| A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. | ||||
| CVE-2026-2189 | 1 Itsourcecode | 1 School Management System | 2026-04-17 | 7.3 High |
| A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-2190 | 1 Itsourcecode | 1 School Management System | 2026-04-17 | 7.3 High |
| A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-2195 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-04-17 | 7.3 High |
| A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2196 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-04-17 | 7.3 High |
| A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-2198 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-04-17 | 7.3 High |
| A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-2211 | 2 Code-projects, Fabian | 2 Online Music Site, Online Music Site | 2026-04-17 | 7.3 High |
| A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-2212 | 2 Code-projects, Fabian | 2 Online Music Site, Online Music Site | 2026-04-17 | 7.3 High |
| A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-2221 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-04-17 | 7.3 High |
| A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-2235 | 1 Hgiga | 1 C&cm@il Package Olln-base | 2026-04-17 | 6.5 Medium |
| C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2026-2223 | 2 Code-projects, Fabian | 2 Online Reviewer System, Online Reviewer System | 2026-04-17 | 7.3 High |
| A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-2225 | 2 Clive 21, Itsourcecode | 2 News Portal Project, News Portal Project | 2026-04-17 | 7.3 High |
| A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2093 | 1 Flowring | 1 Docpedia | 2026-04-17 | 7.5 High |
| Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2026-2094 | 1 Flowring | 1 Docpedia | 2026-04-17 | 8.8 High |
| Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-1602 | 1 Ivanti | 1 Endpoint Manager | 2026-04-17 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2026-25947 | 1 Worklenz | 1 Worklenz | 2026-04-17 | 8.8 High |
| Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7. | ||||
| CVE-2026-25993 | 1 Evershop | 1 Evershop | 2026-04-17 | 9.8 Critical |
| EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute(). As a result, if a malicious string is stored in url_key , subsequent event processing modifies and executes the SQL statement, leading to a second-order SQL injection. Patched from v2.1.1. | ||||