Export limit exceeded: 19698 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19698 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54446 | 2026-04-15 | N/A | ||
| Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | ||||
| CVE-2024-58301 | 1 Purei | 1 Cms | 2026-04-15 | N/A |
| Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially extract or modify database information. | ||||
| CVE-2024-12245 | 2026-04-15 | N/A | ||
| Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | ||||
| CVE-2023-3938 | 2026-04-15 | 4.6 Medium | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. | ||||
| CVE-2025-30061 | 1 Cgm | 1 Clininet | 2026-04-15 | N/A |
| In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter. | ||||
| CVE-2023-3419 | 1 Tagdiv | 1 Opt In Builder | 2026-04-15 | 7.2 High |
| The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreate_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-3818 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-50805 | 1 Slims | 1 Senayan Library Management System | 2026-04-15 | 8.2 High |
| Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information. | ||||
| CVE-2024-8757 | 1 Afthemes | 1 Wp Post Author | 2026-04-15 | 7.2 High |
| The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-52335 | 1 Siemens | 1 Syngo Plaza Vb30e | 2026-04-15 | 9.8 Critical |
| A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database. | ||||
| CVE-2025-40628 | 2026-04-15 | N/A | ||
| SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint. | ||||
| CVE-2025-68857 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15. | ||||
| CVE-2025-10967 | 2026-04-15 | 7.3 High | ||
| A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-69045 | 3 Fooevents, Woocommerce, Wordpress | 3 Fooevents For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4. | ||||
| CVE-2025-9148 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1117 | 2026-04-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-12914 | 1 Aapanel | 1 Baota | 2026-04-15 | 4.7 Medium |
| A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.3.0 is able to resolve this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-57238 | 2026-04-15 | 7.3 High | ||
| Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter. | ||||
| CVE-2025-61247 | 1 Indieka900 | 1 Online-shopping-system-php | 2026-04-15 | 8.2 High |
| indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php. | ||||
| CVE-2025-24290 | 2026-04-15 | N/A | ||
| Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. | ||||