Export limit exceeded: 19658 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19658 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26711 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | ||||
| CVE-2026-26712 | 1 Carmelo | 1 Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | ||||
| CVE-2026-26710 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | ||||
| CVE-2026-26713 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | ||||
| CVE-2026-26696 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php. | ||||
| CVE-2026-26694 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php. | ||||
| CVE-2026-26697 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-16 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | ||||
| CVE-2026-26886 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | ||||
| CVE-2026-26884 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | ||||
| CVE-2026-26885 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | ||||
| CVE-2026-26883 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | ||||
| CVE-2026-3486 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-04-16 | 4.7 Medium |
| A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3487 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-04-16 | 4.7 Medium |
| A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument course_code results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3773 | 2 Onlineada, Wordpress | 2 Accessibility Suite By Ability, Inc, Wordpress | 2026-04-16 | 6.5 Medium |
| The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-20002 | 1 Cisco | 1 Secure Firewall Management Center | 2026-04-16 | 8.1 High |
| A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials. | ||||
| CVE-2026-3599 | 2 Imprintnext, Wordpress | 2 Riaxe Product Customizer, Wordpress | 2026-04-16 | 7.5 High |
| The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied parameter and insufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-28284 | 2 Freepbx, Sangoma | 2 Security-reporting, Freepbx | 2026-04-16 | 8.8 High |
| FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5. | ||||
| CVE-2026-29081 | 1 Frappe | 1 Frappe | 2026-04-16 | 6.5 Medium |
| Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and 15.100.0. | ||||
| CVE-2026-28443 | 1 Openreplay | 1 Openreplay | 2026-04-16 | 9.8 Critical |
| OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint has a SQL injection in the sort.field parameter. This issue has been patched in version 1.20.0. | ||||
| CVE-2026-28785 | 2 Ghostfol, Ghostfolio | 2 Ghostfolio, Ghostfolio | 2026-04-16 | 9.8 Critical |
| Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical() method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the database. This issue has been patched in version 2.244.0. | ||||