Export limit exceeded: 18909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68857 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15. | ||||
| CVE-2024-33009 | 2026-04-15 | 4.2 Medium | ||
| SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the application. | ||||
| CVE-2024-57238 | 2026-04-15 | 7.3 High | ||
| Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter. | ||||
| CVE-2024-57178 | 2026-04-15 | 5.9 Medium | ||
| An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially crafted 'stock-symbol' parameter to the portofolio() endpoint, it is possible to trigger an SQL injection in the application. As a result, the attacker will be able the user data or manipulate the software behavior. | ||||
| CVE-2024-3688 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22207 | 2026-04-15 | N/A | ||
| Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler. | ||||
| CVE-2020-37108 | 1 Allhandsmarketing | 1 Phpix 2012 Professional | 2026-04-15 | 7.1 High |
| PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information. | ||||
| CVE-2020-37105 | 2 Redmine, Sigb | 2 Pmb, Pmb | 2026-04-15 | 7.1 High |
| PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database. | ||||
| CVE-2019-25431 | 1 Delpino73 | 1 Blue-smiley-organizer | 2026-04-15 | 8.2 High |
| delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements. | ||||
| CVE-2020-37083 | 1 Chatelao | 1 Php Address Book | 2026-04-15 | 8.2 High |
| PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php endpoint. | ||||
| CVE-2025-15450 | 1 Sfturing | 1 Hosp Order | 2026-04-15 | 6.3 Medium |
| A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12097 | 2026-04-15 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024. | ||||
| CVE-2024-9286 | 1 Trtek Software | 1 Distant Education Platform | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11. | ||||
| CVE-2024-11009 | 2026-04-15 | 4.9 Medium | ||
| The Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2020-37081 | 1 Fishing Reservation System | 1 Fishing Reservation System | 2026-04-15 | 7.1 High |
| Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction. | ||||
| CVE-2025-0455 | 1 Netvision | 1 Airpass | 2026-04-15 | 9.8 Critical |
| The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2024-11739 | 2026-04-15 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before V2.0.1. | ||||
| CVE-2025-0404 | 1 Liujianview | 1 Gymxmjpa | 2026-04-15 | 6.3 Medium |
| A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. This vulnerability affects the function CoachController of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the argument coachName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-69045 | 3 Fooevents, Woocommerce, Wordpress | 3 Fooevents For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4. | ||||
| CVE-2024-45622 | 1 Asis | 1 Asis | 2026-04-15 | 9.8 Critical |
| ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. | ||||