Export limit exceeded: 17428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17428 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13973 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | 6.8 Medium |
| A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | ||||
| CVE-2025-7624 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | 9.8 Critical |
| An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | ||||
| CVE-2025-10387 | 1 Codesiddhant | 1 Jasmin Ransomware | 2025-11-14 | 6.3 Medium |
| A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6095 | 1 Codesiddhant | 1 Jasmin-ransomware | 2025-11-14 | 7.3 High |
| A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6096 | 1 Codesiddhant | 1 Jasmin-ransomware | 2025-11-14 | 6.3 Medium |
| A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4696 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-11-13 | 6.3 Medium |
| A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4695 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-11-13 | 6.3 Medium |
| A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11055 | 2 Fabian, Sourcecodester | 2 Online Hotel Reservation System, Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-10843 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-7744 | 1 Dolusoft | 1 Omaspot | 2025-11-13 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025. | ||||
| CVE-2025-6458 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A vulnerability has been found in code-projects Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execedituser.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6457 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Online Hotel Reservation System 1.0. This affects an unknown part of the file /reservation/demo.php. The manipulation of the argument Start leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6456 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in code-projects Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reservation/order.php. The manipulation of the argument Start leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6455 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /messageexec.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6355 | 2 Fabian, Sourcecodester | 2 Online Hotel Reservation System, Online Hotel Reservation System | 2025-11-13 | 7.3 High |
| A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execeditroom.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51970 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-11-13 | 7.7 High |
| A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | ||||
| CVE-2024-12727 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-12 | 9.8 Critical |
| A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | ||||
| CVE-2025-26392 | 1 Solarwinds | 2 Observability Self-hosted, Observability Self Hosted | 2025-11-12 | 5.4 Medium |
| SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. | ||||
| CVE-2025-5400 | 1 Chaitak-gorai | 1 Blogbook | 2025-11-10 | 7.3 High |
| A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component GET Parameter Handler. The manipulation of the argument u_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5401 | 1 Chaitak-gorai | 1 Blogbook | 2025-11-10 | 7.3 High |
| A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||