Export limit exceeded: 17457 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17457 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25325 | 1 Thrive | 1 Smart Home | 2026-02-13 | 8.2 High |
| Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application. | ||||
| CVE-2019-25335 | 1 Websitem | 1 7070 Hazır Profesyonel Web Sitesi | 2026-02-13 | 7.5 High |
| PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface. | ||||
| CVE-2024-51962 | 1 Esri | 1 Arcgis Server | 2026-02-13 | 8.7 High |
| A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced application‑specific permissions, indicating high privileges are required. Successful exploitation would have a high impact on integrity and confidentiality, with no impact on availability. | ||||
| CVE-2020-37053 | 1 Naviwebs | 1 Navigate Cms | 2026-02-13 | 7.1 High |
| Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts. | ||||
| CVE-2025-59473 | 1 Expressionengine | 1 Expressionengine | 2026-02-13 | 7.2 High |
| SQL Injection vulnerability in the Structure for Admin authenticated user | ||||
| CVE-2024-43468 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2026-02-13 | 9.8 Critical |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | ||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | 7.5 High |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | ||||
| CVE-2025-10878 | 2 Insaat, Omran | 2 Fikir Odalari Adminpando, Fikir Odalari Adminpando | 2026-02-12 | 10 Critical |
| A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | ||||
| CVE-2025-39474 | 1 Thememove | 1 Amely | 2026-02-11 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4. | ||||
| CVE-2021-47918 | 1 Simplephpscripts | 2 Simple Cms, Simple Cms Php | 2026-02-11 | 8.1 High |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | ||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | 8.1 High |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | ||||
| CVE-2025-52025 | 1 Aptsys | 2 Gemscms, Gemscms Backend | 2026-02-11 | 9.4 Critical |
| An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification. | ||||
| CVE-2025-69662 | 1 Geopandas | 1 Geopandas | 2026-02-11 | 8.6 High |
| SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. | ||||
| CVE-2025-14598 | 1 Cloudilyaerp | 1 Bet E-portal | 2026-02-10 | 9.8 Critical |
| BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database. | ||||
| CVE-2026-1478 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion’ in ‘/evaluacion_hca_evalua.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1483 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1472 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1473 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario’ in '/evaluacion_competencias_evalua.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1474 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' and 'Id_evaluacion' en ‘/evaluacion_inicio.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||
| CVE-2026-1475 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | 7.5 High |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter ‘Id_usuario' in ‘/evaluacion_acciones_evalua.aspx’, could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | ||||