Export limit exceeded: 18228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18228 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25527 | 1 Inoutscripts | 2 Inout Easyrooms Ultimate Edition, Inout Homestay | 2026-03-19 | 8.2 High |
| Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents. | ||||
| CVE-2019-25528 | 1 Inoutscripts | 2 Inout Easyrooms Ultimate Edition, Inout Homestay | 2026-03-19 | 8.2 High |
| Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract sensitive data or modify database contents. | ||||
| CVE-2026-3658 | 2026-03-19 | 7.5 High | ||
| The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, including usernames, email addresses, and password hashes. | ||||
| CVE-2026-4324 | 1 Redhat | 1 Satellite | 2026-03-19 | 5.4 Medium |
| A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database. | ||||
| CVE-2025-67830 | 1 Murasoftware | 1 Mura Cms | 2026-03-19 | 9.8 Critical |
| Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. | ||||
| CVE-2025-67829 | 1 Murasoftware | 1 Mura Cms | 2026-03-19 | 9.8 Critical |
| Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. | ||||
| CVE-2025-58112 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2026-03-19 | 8.8 High |
| Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting Services Reports can upload a malicious rdl file. If the malicious rdl file is already loaded and it is executable by the user, the Add Reporting Services Reports privilege is not required. A malicious actor can trigger the generation of the report, causing the execution of arbitrary SQL commands in the underlying database. Depending on the permissions of the account running SQL Server Reporting Services, the attacker may be able to perform additional actions, such as accessing linked servers or executing operating system commands. | ||||
| CVE-2015-20120 | 2 Next Click Ventures, Nextclickventures | 2 Realtyscript, Realtyscript | 2026-03-19 | 8.2 High |
| Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database contents character by character based on response timing differences. | ||||
| CVE-2026-27413 | 2 Cozmoslabs, Wordpress | 2 Profile Builder, Wordpress | 2026-03-19 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through 3.13.9. | ||||
| CVE-2026-22730 | 1 Vmware | 1 Spring | 2026-03-19 | 8.8 High |
| A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization. | ||||
| CVE-2025-52646 | 1 Hcltech | 1 Aion | 2026-03-18 | 2.2 Low |
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | ||||
| CVE-2026-26001 | 1 Glpi-project | 1 Glpi Inventory | 2026-03-18 | 7.1 High |
| The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, non sanitized user input can lend to an SQL injection from reports, with adequate rights. This vulnerability is fixed in 1.6.6. | ||||
| CVE-2026-31825 | 1 Sylius | 1 Sylius | 2026-03-18 | 5.3 Medium |
| Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy() without validation. An attacker can inject arbitrary DQL. The issue is fixed in versions: 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, 2.2.3 and above. | ||||
| CVE-2026-30951 | 1 Sequelizejs | 1 Sequelize | 2026-03-18 | 7.5 High |
| Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The _traverseJSON() function splits JSON path keys on :: to extract a cast type, which is interpolated raw into CAST(... AS <type>) SQL. An attacker who controls JSON object keys can inject arbitrary SQL and exfiltrate data from any table. This vulnerability is fixed in 6.37.8. | ||||
| CVE-2026-31891 | 1 Cockpit-hq | 1 Cockpit | 2026-03-18 | 7.7 High |
| Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the `/api/content/aggregate/{model}` endpoint is publicly accessible or reachable by untrusted users may be vulnerable, and attackers in possession of a valid read-only API key (the lowest privilege level) can exploit this vulnerability — no admin access is required. An attacker can inject arbitrary SQL via unsanitized field names in aggregation queries, bypass the `_state=1` published-content filter to access unpublished or restricted content, and extract unauthorized data from the underlying SQLite content database. This vulnerability has been patched in version 2.13.5. The fix applies the same field-name sanitization introduced in v2.13.3 for `toJsonPath()` to the `toJsonExtractRaw()` method in `lib/MongoLite/Aggregation/Optimizer.php`, closing the injection vector in the Aggregation Optimizer. | ||||
| CVE-2026-33058 | 1 Kanboard | 1 Kanboard | 2026-03-18 | 6.5 Medium |
| Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue. | ||||
| CVE-2026-0603 | 1 Redhat | 12 Amq Broker, Jboss Data Grid, Jboss Enterprise Application Platform and 9 more | 2026-03-18 | 8.3 High |
| A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service. | ||||
| CVE-2015-20121 | 2 Next Click Ventures, Nextclickventures | 2 Realtyscripts, Realtyscript | 2026-03-18 | 8.2 High |
| Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads. | ||||
| CVE-2026-4319 | 1 Code-projects | 1 Simple Food Order System | 2026-03-18 | 7.3 High |
| A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2023-2047 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932. | ||||