Export limit exceeded: 19758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19758 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37252 1 Icegram 1 Email Subscribers \& Newsletters 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25.
CVE-2023-49641 2026-04-15 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2019-25462 1 Web-ofisi 1 Rent A Car 2026-04-15 8.2 High
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or cause denial of service.
CVE-2025-2585 2026-04-15 8.8 High
EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-45756 1 Centreon 1 Centreon 2026-04-15 7.2 High
An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2025-8781 2 Bookster, Wordpress 2 Bookster – Wordpress Appointment Booking Plugin, Wordpress 2026-04-15 4.9 Medium
The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-9977 2026-04-15 N/A
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been prevented probably by backend filtering mechanisms. Additionally, command injection attempts cause the application to return extensive error messages disclosing some information about the internal infrastructure.  Patching status is unknown because the vendor has not replied to messages sent by the CNA.
CVE-2025-61385 1 Tlocke 1 Pg8000 2026-04-15 9.6 Critical
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.
CVE-2025-65103 1 Devcode 1 Openstamanager 2026-04-15 8.8 High
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise. This issue has been patched in version 2.9.5.
CVE-2024-55586 2026-04-15 9.8 Critical
Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.
CVE-2025-11606 2026-04-15 6.3 Medium
A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. This product adopts a rolling release strategy to maintain continuous delivery
CVE-2025-6100 2026-04-15 6.3 Medium
A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3009 2026-04-15 6.3 Medium
A vulnerability classified as critical was found in Jinher Network OA C6. Affected by this vulnerability is an unknown functionality of the file /C6/JHSoft.Web.NetDisk/NetDiskProperty.aspx. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-14207 1 Tushar-2223 1 Hotel-management-system 2026-04-15 7.3 High
A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVE-2025-14091 2026-04-15 7.3 High
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-47763 1 Aimeos 1 Aimeos Laravel Ecommerce Platform 2026-04-15 8.2 High
Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending crafted GET requests to the jsonapi/review endpoint.
CVE-2020-37141 2 Amss++ Project, Amssplus 2 Amss++, Amss Plus 2026-04-15 8.2 High
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
CVE-2024-45755 1 Centreon 1 Centreon 2026-04-15 7.2 High
An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2025-2351 2026-04-15 7.3 High
A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11628 2026-04-15 4.7 Medium
A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument product_code causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.