Export limit exceeded: 19642 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19642 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14735 | 1 Code-projects | 1 Smart Parking System | 2026-07-07 | 7.3 High |
| A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-14703 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-07 | 6.3 Medium |
| A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-14695 | 1 Sourcecodester | 1 Multi-vendor Online Grocery Management System | 2026-07-07 | 7.3 High |
| A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-14689 | 1 Codeastro | 1 Apartment Visitor Management System | 2026-07-07 | 6.3 Medium |
| A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-14639 | 1 Codeastro | 1 Ecommerce Website | 2026-07-07 | 6.3 Medium |
| A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-14619 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-07 | 6.3 Medium |
| A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-55721 | 1 Stonefly | 2 Storage Concentrator, Storage Concentrator Virtual Machine | 2026-07-06 | 9.3 Critical |
| Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys. | ||||
| CVE-2026-34099 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents. | ||||
| CVE-2026-34100 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-34101 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-34102 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-34103 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-34104 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-34105 | 1 Guardian | 1 Language-system | 2026-07-06 | 9.8 Critical |
| Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents. | ||||
| CVE-2026-57683 | 2 Epsiloncool, Wordpress | 2 Wp Fast Total Search, Wordpress | 2026-07-06 | 9.3 Critical |
| Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | ||||
| CVE-2026-57756 | 2 Wordpress, 友人a丶 | 2 Wordpress, Nicen-localize-image | 2026-07-06 | 8.5 High |
| Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions. | ||||
| CVE-2026-4321 | 1 Raera | 1 Destekz | 2026-07-06 | 9.8 Critical |
| Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2026-14659 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-06 | 6.3 Medium |
| A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-14809 | 2026-07-06 | 7.5 High | ||
| Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2026-14755 | 1 Code-projects | 1 Hotel And Tourism Reservation | 2026-07-06 | 7.3 High |
| A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||