Export limit exceeded: 338065 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33332 | 2 Bladex, Smallchill | 2 Springblade, Springblade | 2025-06-03 | 7.5 High |
| An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | ||||
| CVE-2024-0364 | 1 Phpgurukul | 1 Hospital Management System | 2025-06-03 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131. | ||||
| CVE-2023-47460 | 1 Knovos | 1 Discovery | 2025-06-03 | 8.8 High |
| SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. | ||||
| CVE-2023-30015 | 1 Oretnom23 | 1 Judging Management System | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php. | ||||
| CVE-2023-30014 | 1 Oretnom23 | 1 Judging Management System | 2025-06-03 | 9.8 Critical |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php. | ||||
| CVE-2024-35056 | 1 Nasa | 1 Ait Core | 2025-06-03 | 9.8 Critical |
| NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. | ||||
| CVE-2023-3377 | 1 Veribase | 1 Veribase | 2025-06-03 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6276 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. | ||||
| CVE-2024-0460 | 1 Carmelogarcia | 1 Faculty Management System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability. | ||||
| CVE-2024-0464 | 1 Code-projects | 1 Online Faculty Clearance | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability. | ||||
| CVE-2024-0470 | 1 Code-projects | 1 Human Resource Integrated System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575. | ||||
| CVE-2024-0473 | 1 Code-projects | 1 Dormitory Management System | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0482 | 1 Jifeer | 1 Taokeyun | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587. | ||||
| CVE-2024-0483 | 1 Jifeer | 1 Taokeyun | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588. | ||||
| CVE-2024-0527 | 1 Cxbsoft | 1 Url-shorting | 2025-06-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0530 | 1 Cxbsoft | 1 Post-office | 2025-06-03 | 5.5 Medium |
| A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32814 | 1 Infoblox | 1 Netmri | 2025-06-03 | 9.8 Critical |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. | ||||
| CVE-2025-5152 | 1 Chanjet | 1 Chanjet Cms | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46257 | 2 Jc21, Nginxproxymanager | 2 Nginx Proxy Manager, Nginx Proxy Manager | 2025-06-03 | 6.3 Medium |
| A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5. | ||||
| CVE-2023-48863 | 1 Sem-cms | 1 Semcms | 2025-06-03 | 7.5 High |
| SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data. | ||||