Export limit exceeded: 18779 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18779 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33615 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-16 | 9.1 Critical |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability. | ||||
| CVE-2026-33616 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-16 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-27832 | 1 Intermesh | 1 Group-office | 2026-04-16 | 8.8 High |
| Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on an authenticated endpoint. The endpoint `index.php?r=email/template/emailSelection` processes `advancedQueryData` and forwards the SQL comparator without a strict allowlist into SQL condition building. This enables blind boolean-based exfiltration of the `core_auth_password` table. Versions 26.0.8, 25.0.87, and 6.8.153 fix the issue. | ||||
| CVE-2026-26707 | 2 Oretnom23, Sourcecodester | 2 Pharmacy Point Of Sale System, Pharmacy Point Of Sale System | 2026-04-16 | 9.8 Critical |
| sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. | ||||
| CVE-2026-26701 | 2 Jon-remus-sevellejo, Sourcecodester | 2 Personnel Property Equipment System, Personnel Property Equipment System | 2026-04-16 | 9.8 Critical |
| sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php. | ||||
| CVE-2026-26711 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | ||||
| CVE-2026-26712 | 1 Carmelo | 1 Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | ||||
| CVE-2026-26710 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | ||||
| CVE-2026-26713 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | ||||
| CVE-2026-26696 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php. | ||||
| CVE-2026-26694 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-16 | 9.8 Critical |
| code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php. | ||||
| CVE-2026-26697 | 2 Carmelo, Code-projects | 2 Simple Student Alumni System, Simple Student Alumni System | 2026-04-16 | 4.9 Medium |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | ||||
| CVE-2026-26886 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | ||||
| CVE-2026-26884 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | ||||
| CVE-2026-26885 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | ||||
| CVE-2026-26883 | 2 Oretnom23, Sourcecodester | 2 Simple Online Men\'s Salon Management System, Online Mens Salon Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | ||||
| CVE-2026-3486 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-04-16 | 4.7 Medium |
| A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3487 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-04-16 | 4.7 Medium |
| A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument course_code results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-20002 | 1 Cisco | 1 Secure Firewall Management Center | 2026-04-16 | 8.1 High |
| A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials. | ||||
| CVE-2026-28284 | 2 Freepbx, Sangoma | 2 Security-reporting, Freepbx | 2026-04-16 | 8.8 High |
| FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5. | ||||