Export limit exceeded: 18779 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18779 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36972 | 1 Smartdatasoft | 1 Smartblog | 2026-03-05 | 8.2 High |
| SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information. | ||||
| CVE-2020-36947 | 1 Librenms | 1 Librenms | 2026-03-05 | 7.1 High |
| LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection. | ||||
| CVE-2024-20340 | 1 Cisco | 1 Secure Firewall Management Center | 2026-03-04 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system. | ||||
| CVE-2025-50190 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 9.8 Critical |
| Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50191 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 7.2 High |
| Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50192 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 9.8 Critical |
| Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50189 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 8.8 High |
| Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30. | ||||
| CVE-2025-50188 | 1 Chamilo | 1 Chamilo Lms | 2026-03-03 | 7.2 High |
| Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an attacker to perform an attack aimed at modifying the database query logic by injecting an arbitrary SQL statements. This issue has been patched in version 1.11.30. | ||||
| CVE-2024-39027 | 1 Seacms | 1 Seacms | 2026-03-03 | 7.5 High |
| SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. | ||||
| CVE-2025-10350 | 1 Cgm | 1 Cgm Netraad | 2026-03-03 | N/A |
| SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9.0. | ||||
| CVE-2025-30062 | 1 Cgm | 1 Cgm Clininet | 2026-03-03 | N/A |
| In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | ||||
| CVE-2025-11165 | 1 Dotcms | 1 Dotcms | 2026-03-03 | 9.9 Critical |
| A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine (VTools) that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and reinitializing its Uberspect, a malicious actor can remove the introspector.restrict.classes and introspector.restrict.packages protections. Once these restrictions are cleared, the attacker can access arbitrary Java classes, including java.lang.Runtime, and execute arbitrary system commands under the privileges of the application process (e.g. dotCMS or Tomcat user). | ||||
| CVE-2019-25347 | 1 Kostasmitroglou | 2 Password Management Application, Thesystem | 2026-03-02 | 7.5 High |
| thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts. | ||||
| CVE-2019-25346 | 1 Kostasmitroglou | 2 Password Management Application, Thesystem | 2026-03-02 | 7.5 High |
| TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information. | ||||
| CVE-2019-25298 | 1 Lolypop55 | 1 Html5 Snmp | 2026-03-02 | 9.1 Critical |
| html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads. | ||||
| CVE-2022-43462 | 1 Ad33lx | 1 Ip Blacklist Cloud | 2026-02-27 | 9.1 Critical |
| Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. | ||||
| CVE-2022-46764 | 2 Microsoft, Trueconf | 2 Windows, Server | 2026-02-27 | 9.8 Critical |
| A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. | ||||
| CVE-2025-10258 | 1 Nokia | 1 Infinera Dna | 2026-02-26 | 6.3 Medium |
| Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information. | ||||
| CVE-2025-27378 | 1 Altium | 2 Aes, On-prem Enterprise Server | 2026-02-26 | 8.6 High |
| AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries. | ||||
| CVE-2024-13162 | 1 Ivanti | 1 Endpoint Manager | 2026-02-26 | 7.2 High |
| SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | ||||