Export limit exceeded: 18235 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18235 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25187 | 1 Tina4 | 1 Tina4 Stack | 2026-03-16 | 8.2 High |
| Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries. | ||||
| CVE-2026-4236 | 2026-03-16 | 7.3 High | ||
| A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4235 | 2026-03-16 | 7.3 High | ||
| A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-8587 | 2 Akce, Akceyazilim | 2 Skspro, Skspro | 2026-03-16 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026. | ||||
| CVE-2019-25539 | 2 Konradpl99, Sourceforge | 2 202cms, 202cms | 2026-03-16 | 8.2 High |
| 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection techniques to extract sensitive database information. | ||||
| CVE-2019-25538 | 2 Konradpl99, Sourceforge | 2 202cms, 202cms | 2026-03-16 | 8.2 High |
| 202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. Attackers can send crafted requests with malicious SQL statements in the log_user field to extract sensitive database information or modify database contents. | ||||
| CVE-2026-4232 | 2026-03-16 | 7.3 High | ||
| A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-32365 | 2 Robfelty, Wordpress | 2 Collapsing Archives, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7. | ||||
| CVE-2025-52637 | 2026-03-16 | 4.5 Medium | ||
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | ||||
| CVE-2026-28501 | 1 Wwbn | 1 Avideo | 2026-03-16 | 9.8 Critical |
| WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and merged into $_REQUEST after global security checks are executed, the payload bypasses the existing sanitization mechanisms. This issue has been patched in version 24.0. | ||||
| CVE-2026-4237 | 1 Itsourcecode | 1 Free Hotel Reservation System | 2026-03-16 | 7.3 High |
| A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-25076 | 1 Anchore | 1 Anchore | 2026-03-16 | 7.3 High |
| Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise database. | ||||
| CVE-2026-31922 | 2 Ays-pro, Wordpress | 2 Fox Lms, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3. | ||||
| CVE-2026-31917 | 2 Wedevs, Wordpress | 2 Wp Erp, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10. | ||||
| CVE-2026-32418 | 2 Jordy Meow, Wordpress | 2 Meow Gallery, Wordpress | 2026-03-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4. | ||||
| CVE-2026-32422 | 2 Levelfourdevelopment, Wordpress | 2 Wp-easycart, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13. | ||||
| CVE-2026-32459 | 2 Flycart, Wordpress | 2 Upsellwp, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4. | ||||
| CVE-2026-32366 | 2 Robfelty, Wordpress | 2 Collapsing Categories, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9. | ||||
| CVE-2026-32368 | 2 Delphiknight, Wordpress | 2 Geo To Lat, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19. | ||||
| CVE-2026-32458 | 2 Realmag777, Wordpress | 2 Wolf, Wordpress | 2026-03-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7. | ||||