Export limit exceeded: 19677 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19677 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10967 2026-04-15 7.3 High
A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-10570 1 Cleantalk 1 Antispam 2026-04-15 7.5 High
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-41004 1 Imaster 1 Patient Record Management System 2026-04-15 N/A
Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter.
CVE-2024-27709 1 Eskooly 1 Web Product 2026-04-15 9.8 Critical
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.
CVE-2024-3495 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-4423 2026-04-15 7.2 High
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
CVE-2024-45757 2026-04-15 7.2 High
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2025-30061 1 Cgm 1 Clininet 2026-04-15 N/A
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter.
CVE-2025-43949 2026-04-15 9.8 Critical
MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.
CVE-2025-3096 2026-04-15 N/A
Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page.
CVE-2021-47909 1 Techraft 1 Mult-e-cart Ultimate 2026-04-15 8.1 High
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system.
CVE-2024-23843 2026-04-15 2.2 Low
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS through 5.0.55 LTS(Revision 125558), from 5.0.0 LTS through 5.0.56 LTS(Revision 125560).
CVE-2024-54445 2026-04-15 N/A
Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables.
CVE-2025-62367 1 Taiga 1 Taiga 2026-04-15 4.8 Medium
Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.
CVE-2019-25431 1 Delpino73 1 Blue-smiley-organizer 2026-04-15 8.2 High
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.
CVE-2024-4847 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-2831 2 Kieranoshea, Wordpress 2 Calendar, Wordpress 2026-04-15 8.8 High
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-43207 2026-04-15 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62.
CVE-2024-33273 2026-04-15 9.8 Critical
SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.
CVE-2024-33275 1 Webbax 1 Supernewsletter 2026-04-15 9.8 Critical
SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.