Search Results (18849 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62173 | 1 Freepbx | 1 Freepbx | 2026-04-15 | N/A |
| Authenticated SQL Injection Vulnerability in Endpoint Module Rest API | ||||
| CVE-2025-62367 | 1 Taiga | 1 Taiga | 2026-04-15 | 4.8 Medium |
| Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0. | ||||
| CVE-2024-8303 | 1 Dingfanzu | 1 Cms | 2026-04-15 | 6.3 Medium |
| A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-69306 | 2 Teconcetheme, Wordpress | 2 Electio Core, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection. This issue affects Electio Core: from n/a through <= 1.4. | ||||
| CVE-2025-69633 | 1 Prestashop | 1 Advanced Popup Creator | 2026-04-15 | 9.8 Critical |
| A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is passed unsanitized to SQL queries in classes/AdvancedPopup.php (getPopups() and updateVisits() functions). | ||||
| CVE-2025-52390 | 1 Saurus | 1 Saurus Cms | 2026-04-15 | 9.1 Critical |
| Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges. | ||||
| CVE-2025-55156 | 1 Pyload | 1 Pyload | 2026-04-15 | N/A |
| pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91. | ||||
| CVE-2025-7801 | | | 2026-04-15 | 7.3 High |
| A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7918 | | | 2026-04-15 | 9.8 Critical |
| WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2025-8858 | | | 2026-04-15 | 7.5 High |
| Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-29085 | | | 2026-04-15 | 9.8 Critical |
| SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component. | ||||
| CVE-2019-25299 | 1 Rimbalinux | 1 Ahadpos | 2026-04-15 | 7.1 High |
| RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database. | ||||
| CVE-2024-12015 | 1 Wedevs | 1 Wp Project Manager | 2026-04-15 | 7.7 High |
| The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route. | ||||
| CVE-2024-12031 | 2 Codetides, Wordpress | 2 Advanced Floating Content, Wordpress | 2026-04-15 | 6.5 Medium |
| The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-39368 | 1 Intel | 1 Neural Compressor Software | 2026-04-15 | 8 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2019-25300 | 1 Thejshen | 1 Globitek Cms | 2026-04-15 | 7.1 High |
| thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information. | ||||
| CVE-2019-25462 | 1 Web-ofisi | 1 Rent A Car | 2026-04-15 | 8.2 High |
| Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service. | ||||
| CVE-2021-47872 | 1 Seopanel | 1 Seo Panel | 2026-04-15 | 7.1 High |
| SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter. | ||||
| CVE-2019-25446 | 1 Digit-rs | 1 Digit Centris | 2026-04-15 | 8.2 High |
| DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information. | ||||
| CVE-2025-40635 | | | 2026-04-15 | N/A |
| SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint. | ||||