Export limit exceeded: 19119 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19216 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25364 | 1 Fyffe | 1 Php-twitter-clone | 2026-05-26 | 8.2 High |
| Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques. | ||||
| CVE-2026-9451 | 1 Code-projects | 1 Employee Management System | 2026-05-26 | 6.3 Medium |
| A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-48136 | 1 Checkpoint | 1 Quantum Security Management | 2026-05-26 | 4.1 Medium |
| When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC). | ||||
| CVE-2018-25352 | 3 Accesspressthemes, Ultimate-form-builder-lite, Wordpress | 3 Ultimate-form-builder-lite, Ultimate Form Builder Lite, Wordpress | 2026-05-26 | 7.1 High |
| WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entry_id POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint with the ufbl_get_entry_detail_action action to extract, modify, or escalate privileges within the WordPress database. | ||||
| CVE-2018-25346 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-05-26 | 7.1 High |
| WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database. | ||||
| CVE-2018-25340 | 1 Behance | 1 Smartshop | 2026-05-26 | 8.2 High |
| Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data. | ||||
| CVE-2026-9444 | 1 Sourcecodester | 1 Simple Pos And Inventory System | 2026-05-26 | 4.7 Medium |
| A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-7815 | 1 Pgadmin | 1 Pgadmin 4 | 2026-05-26 | 8.8 High |
| SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with the tools_maintenance permission could break out of the option syntax and execute arbitrary SQL on the connected PostgreSQL server. The injected SQL could in turn invoke COPY ... TO PROGRAM to escalate to operating-system command execution on the database host. Fix introduces server-side allow-listing of all four fields and switches reindex_tablespace from manual quoting to the qtIdent filter. This issue affects pgAdmin 4: before 9.15. | ||||
| CVE-2026-9450 | 1 Code-projects | 1 Employee Management System | 2026-05-26 | 6.3 Medium |
| A security flaw has been discovered in code-projects Employee Management System 1.0. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-26980 | 1 Ghost | 1 Ghost | 2026-05-26 | 9.4 Critical |
| Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1. | ||||
| CVE-2026-9355 | 1 Sourcecodester | 1 Hospitals Patient Records Management System | 2026-05-26 | 7.3 High |
| A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save_patient_history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2018-25351 | 1 Harmistechnology | 1 Ek Rishta | 2026-05-26 | 8.2 High |
| Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads in the username field to extract database information including user credentials and system details. | ||||
| CVE-2026-9449 | 1 Code-projects | 1 Employee Management System | 2026-05-26 | 6.3 Medium |
| A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2018-25380 | 1 Extro | 1 Extroforms | 2026-05-26 | 7.1 High |
| Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data. | ||||
| CVE-2018-25371 | 1 Moosocial | 2 Moosocial, Moosocial Store Plugin | 2026-05-26 | 8.2 High |
| mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query techniques in the product URI parameter to extract sensitive database information. | ||||
| CVE-2026-9465 | 1 Tiandy | 1 Easy7 Integrated Management Platform | 2026-05-26 | 7.3 High |
| A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-27768 | 1 Genetec | 1 Security Center | 2026-05-26 | 6.6 Medium |
| SQL Injection affecting the Access Manager role. | ||||
| CVE-2018-25381 | 2 Almera Responsive Portfolio Project, Extro | 2 Almera Responsive Portfolio, Responsive Portfolio | 2026-05-26 | 7.1 High |
| Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details. | ||||
| CVE-2026-48842 | 1 Roundcube | 1 Webmail | 2026-05-26 | 8.1 High |
| Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass. | ||||
| CVE-2026-9474 | 1 Yashpokharna2555 | 1 Studentmanagementsystem | 2026-05-26 | 7.3 High |
| A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f558ddf8d19396de0f92abf2d224d46a0a203. Affected by this issue is the function confirm_logged_in of the file /studentdel.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet. | ||||