Export limit exceeded: 18879 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18879 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2052 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability. | ||||
| CVE-2023-2054 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939. | ||||
| CVE-2023-2051 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936. | ||||
| CVE-2023-2053 | 1 Campcodes | 1 Advanced Online Voting System | 2026-03-18 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/candidates_row.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225938 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2075 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 6.3 Medium |
| A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability. | ||||
| CVE-2023-2073 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 7.3 High |
| A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051. | ||||
| CVE-2023-2074 | 1 Campcodes | 1 Online Traffic Offense Management System | 2026-03-17 | 6.3 Medium |
| A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052. | ||||
| CVE-2025-67644 | 2 Langchain, Langchain-ai | 4 Langchain, Langgraph-checkpoint-sqlite, Langchain and 1 more | 2026-03-17 | 7.3 High |
| LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1. | ||||
| CVE-2018-25187 | 1 Tina4 | 1 Tina4 Stack | 2026-03-16 | 8.2 High |
| Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries. | ||||
| CVE-2025-8587 | 2 Akce, Akceyazilim | 2 Skspro, Skspro | 2026-03-16 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026. | ||||
| CVE-2006-5840 | 1 Abarcar | 1 Abarcar Realty Portal | 2026-03-13 | N/A |
| Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version | ||||
| CVE-2025-49784 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer-bigdata, Fortianalyzer Big Data | 2026-03-12 | 5.6 Medium |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | ||||
| CVE-2020-37057 | 2 Nayem-howlader, Sunnygkp10 | 3 Online Exam System, Online-exam-system, Online-exam-system- | 2026-03-12 | 8.2 High |
| Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. | ||||
| CVE-2020-37051 | 2 Nayem-howlader, Sunnygkp10 | 3 Online Exam System, Online-exam-system, Online-exam-system- | 2026-03-12 | 8.2 High |
| Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters. | ||||
| CVE-2025-45809 | 1 Litellm | 1 Litellm | 2026-03-12 | 5.4 Medium |
| SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints. | ||||
| CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 10 Debian Linux, Postgresql, Advanced Cluster Security and 7 more | 2026-03-12 | 7.5 High |
| IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | ||||
| CVE-2018-25199 | 2 Tomalofficial, Zsoft | 2 Php Oop Cms Blog, Oop Cms Blog | 2026-03-11 | 8.2 High |
| OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id parameter in posts.php to extract database information including table names, schema names, and database credentials. | ||||
| CVE-2025-40639 | 2 Eventobot, Sbitsoft | 2 Eventobot, Eventobot | 2026-03-10 | 9.8 Critical |
| A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'. | ||||
| CVE-2025-10969 | 2 Farktor, Farktor Software E-commerce Services Inc. | 2 E-commerce Package, E-commerce Package | 2026-03-10 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025. | ||||
| CVE-2025-7714 | 2 Global Interactive Design Media Software, Globalmedya | 2 Content Management System, Content Management System | 2026-03-10 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.This issue affects Content Management System (CMS): through 21072025. | ||||