Export limit exceeded: 45726 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18903 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18903 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51968 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions. | ||||
| CVE-2025-51969 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement. | ||||
| CVE-2025-51971 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 5.4 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code. | ||||
| CVE-2025-51972 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | ||||
| CVE-2025-10068 | 2 Emiloi, Itsourcecode | 2 Online Discussion Forum, Online Discussion Forum | 2025-09-09 | 7.3 High |
| A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-10078 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-10082 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-56435 | 1 Foxcms | 1 Foxcms | 2025-09-09 | 5.3 Medium |
| SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file /DataBackup.php and the operation on the parameter id. | ||||
| CVE-2025-10077 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10076 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-51667 | 1 Ryansu | 1 Simple Admin | 2025-09-09 | 7 High |
| An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations. | ||||
| CVE-2025-10062 | 1 Itsourcecode | 1 Student Information Management System | 2025-09-09 | 7.3 High |
| A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-49215 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 8.8 High |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-49211 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 7.7 High |
| A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-9699 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-08 | 7.3 High |
| A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. The attack may be performed from a remote location. The exploit is now public and may be used. | ||||
| CVE-2025-9700 | 2 Janobe, Sourcecodester | 2 Online Book Store, Online Book Store | 2025-09-08 | 7.3 High |
| A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-9701 | 2 Oretnom23, Sourcecodester | 2 Simple Cafe Billing System, Simple Cafe Billing System | 2025-09-08 | 7.3 High |
| A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9702 | 2 Oretnom23, Sourcecodester | 2 Simple Cafe Billing System, Simple Cafe Billing System | 2025-09-08 | 7.3 High |
| A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /sales_report.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-9704 | 2 Janobe, Sourcecodester | 2 Water Billing System, Water Billing System | 2025-09-08 | 7.3 High |
| A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-9705 | 2 Janobe, Sourcecodester | 2 Water Billing System, Water Billing System | 2025-09-08 | 7.3 High |
| A weakness has been identified in SourceCodester Water Billing System 1.0. Affected is an unknown function of the file /paybill.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||