Export limit exceeded: 19646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19646 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-14705 1 Code-projects 1 Online Examination 2026-07-06 7.3 High
A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-14747 1 Code-projects 1 Real State Services 2026-07-06 7.3 High
A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely.
CVE-2026-14731 1 Itsourcecode 1 Hospital Management System 2026-07-06 6.3 Medium
A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-14746 1 Code-projects 1 Real State Services 2026-07-06 7.3 High
A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-14766 1 Codeastro 1 Apartment Visitor Management System 2026-07-06 6.3 Medium
A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVE-2026-14772 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-06 7.3 High
A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14764 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-06 7.3 High
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14737 1 Hanwang 1 E-face General Management Platform 2026-07-06 7.3 High
A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-14771 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-06 7.3 High
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-14795 1 Codeastro 1 Apartment Visitor Management System 2026-07-06 6.3 Medium
A vulnerability has been found in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/action-visitor.php. Such manipulation of the argument remark leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2026-14797 1 Codeastro 1 Apartment Visitor Management System 2026-07-06 6.3 Medium
A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2023-39807 1 Nvki 1 Intelligent Broadband Subscriber Gateway 2026-07-05 9.8 Critical
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.
CVE-2024-48733 1 Sas 1 Studio 2026-07-05 8.8 High
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
CVE-2026-52673 1 Cboard 1 Cboard 2026-07-05 6.5 Medium
SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component
CVE-2024-28714 1 Crmeb 1 Crmeb Java 2026-07-05 8.1 High
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.
CVE-2023-29863 1 Medisys 1 Weblab 2026-07-05 9.8 Critical
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.
CVE-2020-24913 1 Qcubed 1 Qcubed 2026-07-04 9.8 Critical
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2023-33677 2 Oretnom23, Sourcecodester 2 Lost And Found Information System, Lost And Found Information System 2026-07-04 5.4 Medium
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
CVE-2026-57679 2026-07-03 9.3 Critical
Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.
CVE-2026-13357 2026-07-02 4.9 Medium
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepare_items() method of the Houzez_Property_Feed_Admin_Logs_Export_Table (and Houzez_Property_Feed_Admin_Logs_Import_Table) class. The user-controlled $_GET['orderby'] and $_GET['order'] values are filtered only with sanitize_text_field() and then concatenated into the SQL format string before $wpdb->prepare() is called — prepare() only parameterizes the appended LIMIT/OFFSET clause and cannot retroactively secure the already-tainted ORDER BY clause. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.