Export limit exceeded: 18837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0214 | 1 Opencart | 1 Opencart | 2026-04-15 | 4.1 Medium |
| A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2025-43949 | 2026-04-15 | 9.8 Critical | ||
| MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server. | ||||
| CVE-2023-36525 | 2 Wordpress, Wpjobboard | 2 Wordpress, Wpjobboard | 2026-04-15 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0. | ||||
| CVE-2025-5319 | 1 Emit | 1 Efficiency Management System | 2026-04-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System allows SQL Injection.This issue affects DIGITA Efficiency Management System: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28816 | 1 Aaravrajsingh | 1 Chatbot | 2026-04-15 | 7.1 High |
| Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php. | ||||
| CVE-2024-2876 | 2026-04-15 | 9.8 Critical | ||
| The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-2865 | 2026-04-15 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.This issue affects Quality Management System: through 25032024. | ||||
| CVE-2025-30059 | 1 Cgm | 1 Cgm Clininet | 2026-04-15 | N/A |
| In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection. | ||||
| CVE-2024-2804 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-49440 | 1 Ahnlab | 1 Epp | 2026-04-15 | 8.8 High |
| AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter." | ||||
| CVE-2024-27709 | 1 Eskooly | 1 Web Product | 2026-04-15 | 9.8 Critical |
| SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. | ||||
| CVE-2025-26855 | 2026-04-15 | 9.8 Critical | ||
| A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands. | ||||
| CVE-2025-9150 | 1 Surbowl | 1 Dormitory-management-php | 2026-04-15 | 7.3 High |
| A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-32323 | 2026-04-15 | 8.1 High | ||
| SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class. | ||||
| CVE-2024-39368 | 1 Intel | 1 Neural Compressor Software | 2026-04-15 | 8 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-1793 | 1 Aweber | 1 Aweber | 2026-04-15 | 7.2 High |
| The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2022-28132 | 1 T-soft | 1 E-commerce | 2026-04-15 | 7.2 High |
| The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data. | ||||
| CVE-2024-13909 | 2 Accredible, Wordpress | 2 Accredible Certificates & Open Badges, Wordpress | 2026-04-15 | 4.9 Medium |
| The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-44349 | 1 Anteeowms | 1 Anteeowms | 2026-04-15 | 9.8 Critical |
| A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. | ||||
| CVE-2024-12428 | 2026-04-15 | 7.5 High | ||
| The WP Data Access – App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||