Export limit exceeded: 17911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43468 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 9.8 Critical |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
| CVE-2025-13379 | 1 Ibm | 1 Aspera Console | 2026-02-12 | 8.6 High |
| IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2020-37112 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-12 | 7.1 High |
| GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques. | ||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | 7.5 High |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | ||||
| CVE-2025-10878 | 2 Insaat, Omran | 2 Fikir Odalari Adminpando, Fikir Odalari Adminpando | 2026-02-12 | 10 Critical |
| A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | ||||
| CVE-2025-6830 | 1 Xpoda Turkiye Information Technology | 1 Xpoda Studio | 2026-02-11 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection.This issue affects Password Module: through 11022026. | ||||
| CVE-2025-7636 | 1 Ergosis Security Systems Computer Industry And Trade Inc. | 1 Zeus Pdks | 2026-02-11 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issue affects ZEUS PDKS: from <1.0.5.10 through 10022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13431 | 2 Veronalabs, Wordpress | 2 Slimstat Analytics, Wordpress | 2026-02-11 | 6.5 Medium |
| The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-39474 | 1 Thememove | 1 Amely | 2026-02-11 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4. | ||||
| CVE-2021-47918 | 1 Simplephpscripts | 2 Simple Cms, Simple Cms Php | 2026-02-11 | 8.1 High |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | ||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | 8.1 High |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | ||||
| CVE-2025-63624 | 2 Sdkede, Shandong Kede | 3 Iot Smart Water Meter, Iot Smart Water Meter Firmware, Iot Smart Water Meter Monitoring Platform | 2026-02-11 | 9.8 Critical |
| SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. | ||||
| CVE-2025-52025 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-11 | 9.4 Critical |
| An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification. | ||||
| CVE-2025-69662 | 1 Geopandas | 1 Geopandas | 2026-02-11 | 8.6 High |
| SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. | ||||
| CVE-2025-57529 | 1 Youdatasum | 1 Cpas Audit Management System | 2026-02-10 | 9.8 Critical |
| YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access | ||||
| CVE-2025-14598 | 1 Cloudilyaerp | 1 Bet E-portal | 2026-02-10 | 9.8 Critical |
| BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database. | ||||
| CVE-2026-1478 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_hca_evalua.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1483 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1472 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1473 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario’ in '/evaluacion_competencias_evalua.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||