Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2135 | 1 Advantech | 1 Iview | 2025-04-16 | 7.5 High |
| The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | ||||
| CVE-2024-2152 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-16 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255584. | ||||
| CVE-2024-33144 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 8.8 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | ||||
| CVE-2024-33139 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 7.5 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | ||||
| CVE-2024-35091 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. | ||||
| CVE-2024-35090 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 8.2 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. | ||||
| CVE-2024-35086 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . | ||||
| CVE-2024-35085 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 5.4 Medium |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. | ||||
| CVE-2024-35084 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. | ||||
| CVE-2024-35083 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 8.8 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. | ||||
| CVE-2024-35082 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 6.3 Medium |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. | ||||
| CVE-2021-40617 | 1 Os4ed | 1 Opensis | 2025-04-16 | 9.8 Critical |
| An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. | ||||
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2025-04-16 | 8.8 High |
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | ||||
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2025-04-16 | 9.8 Critical |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | ||||
| CVE-2024-40443 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | 4.3 Medium |
| SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php | ||||
| CVE-2023-33362 | 1 Piwigo | 1 Piwigo | 2025-04-16 | 9.8 Critical |
| Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | ||||
| CVE-2025-0843 | 1 Needyamin | 1 Library Card System | 2025-04-16 | 7.3 High |
| A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-21210 | 1 Lansweeper | 1 Lansweeper | 2025-04-15 | 8.8 High |
| An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2022-21234 | 1 Lansweeper | 1 Lansweeper | 2025-04-15 | 8.8 High |
| An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2022-22149 | 1 Lansweeper | 1 Lansweeper | 2025-04-15 | 8.8 High |
| A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||