Export limit exceeded: 18232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18232 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0603 | 1 Redhat | 12 Amq Broker, Jboss Data Grid, Jboss Enterprise Application Platform and 9 more | 2026-03-18 | 8.3 High |
| A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service. | ||||
| CVE-2015-20121 | 2 Next Click Ventures, Nextclickventures | 2 Realtyscripts, Realtyscript | 2026-03-18 | 8.2 High |
| Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parameter 'u_id' in /admin/users.php and the POST parameter 'agent[]' in /admin/mailer.php. Attackers can exploit time-based blind SQL injection techniques to extract sensitive database information or cause denial of service through sleep-based payloads. | ||||
| CVE-2026-4319 | 1 Code-projects | 1 Simple Food Order System | 2026-03-18 | 7.3 High |
| A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2023-2047 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932. | ||||
| CVE-2023-2049 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ballot_up.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225934 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2048 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability. | ||||
| CVE-2023-2050 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935. | ||||
| CVE-2023-2052 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability. | ||||
| CVE-2023-2054 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939. | ||||
| CVE-2023-2051 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936. | ||||
| CVE-2023-2053 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/candidates_row.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225938 is the identifier assigned to this vulnerability. | ||||
| CVE-2019-25517 | 1 Jettweb | 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script | 2026-03-17 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection to extract sensitive database information or modify database contents. | ||||
| CVE-2019-25518 | 1 Jettweb | 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script | 2026-03-17 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to extract sensitive data or modify database contents. | ||||
| CVE-2019-25519 | 1 Jettweb | 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script | 2026-03-17 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute time-based SQL injection attacks and extract sensitive database information. | ||||
| CVE-2019-25520 | 1 Jettweb | 2 Hazir Haber Sitesi Scripti, Php Stock News Site Script | 2026-03-17 | 8.2 High |
| Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and password fields of the admingiris.php login form to bypass authentication and access the administrative interface. | ||||
| CVE-2026-22193 | 2 Gvectors, Wordpress | 2 Wpdiscuz, Wordpress | 2026-03-17 | 8.1 High |
| wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information. | ||||
| CVE-2019-25542 | 1 Netartmedia | 1 Real Estate Portal | 2026-03-17 | 8.2 High |
| Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. Attackers can send POST requests to index.php with malicious payloads in the user_email field to bypass authentication, extract sensitive data, or modify database contents. | ||||
| CVE-2019-25543 | 1 Netartmedia | 1 Real Estate Portal | 2026-03-17 | 8.2 High |
| Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass authentication, extract sensitive data, or modify database contents. | ||||
| CVE-2019-25482 | 1 Jettweb | 2 Hazir Rent A Car Sitesi Scripti, Php Ready Rent A Car Site Script | 2026-03-17 | 8.2 High |
| Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to extract sensitive database information. | ||||
| CVE-2019-25488 | 1 Jettweb | 2 Php Ready Rent A Car Site Script, Rent A Car Scripti | 2026-03-17 | 8.2 High |
| Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php endpoint to extract sensitive database information or cause denial of service. | ||||