Export limit exceeded: 17584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18768 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57870 | 4 Esri, Kubernetes, Linux and 1 more | 5 Arcgis Server, Kubernetes, Linux and 2 more | 2026-02-26 | 10 Critical |
| A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase. | ||||
| CVE-2025-64156 | 1 Fortinet | 1 Fortivoice | 2026-02-26 | 6.8 Medium |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests | ||||
| CVE-2025-58692 | 1 Fortinet | 1 Fortivoice | 2026-02-26 | 7.7 High |
| An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests. | ||||
| CVE-2025-67736 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-02-26 | 7.2 High |
| The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to the Administrator Control Panel (ACP) can leverage this SQL injection vulnerability to extract sensitive information from the database and execute code on the system as the `asterisk` user with chained elevation to `root` privileges. Users should upgrade to version 16.0.5 or 17.0.5 to receive a fix. | ||||
| CVE-2025-62849 | 2 Qnap, Qnap Systems Inc. | 4 Qts, Quts Hero, Qts and 1 more | 2026-02-26 | 9.8 Critical |
| An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later | ||||
| CVE-2025-13774 | 1 Progress | 2 Flowmon, Flowmon Anomaly Detection System | 2026-02-26 | 8.8 High |
| A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. | ||||
| CVE-2025-13379 | 1 Ibm | 1 Aspera Console | 2026-02-26 | 8.6 High |
| IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2025-36588 | 1 Dell | 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance | 2026-02-26 | 8.8 High |
| Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | ||||
| CVE-2025-15560 | 1 Nestersoft | 1 Worktime | 2026-02-26 | 8.8 High |
| An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data. | ||||
| CVE-2023-49085 | 1 Cacti | 1 Cacti | 2026-02-25 | 8.8 High |
| Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. | ||||
| CVE-2022-23797 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 9.8 Critical |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. | ||||
| CVE-2022-3915 | 1 Dokan | 1 Dokan | 2026-02-24 | 9.8 Critical |
| The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | ||||
| CVE-2023-26525 | 1 Dokan | 1 Dokan | 2026-02-24 | 7.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.12. | ||||
| CVE-2023-40923 | 1 Myprestamodules | 1 Orders \(csv\, Excel\) Export Pro | 2026-02-24 | 8.8 High |
| MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. | ||||
| CVE-2025-13289 | 1 1000projects | 2 Design & Development Of Student Database Management System, Design \& Development Of Student Database Management System | 2026-02-24 | 6.3 Medium |
| A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2025-12338 | 2 Campcodes, Retro Basketball Shoes Online Store Project | 2 Retro Basketball Shoes Online Store, Retro Basketball Shoes Online Store | 2026-02-24 | 7.3 High |
| A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing a manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-12337 | 2 Campcodes, Retro Basketball Shoes Online Store Project | 2 Retro Basketball Shoes Online Store, Retro Basketball Shoes Online Store | 2026-02-24 | 7.3 High |
| A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing a manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-12315 | 1 Code-projects | 2 Food Ordering System, Simple Food Ordering System | 2026-02-24 | 4.7 Medium |
| A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12314 | 1 Code-projects | 2 Food Ordering System, Simple Food Ordering System | 2026-02-24 | 4.7 Medium |
| A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing a manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-12261 | 1 Codeastro | 1 Gym Management System | 2026-02-24 | 6.3 Medium |
| A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||