Export limit exceeded: 18678 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18678 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25713 | 1 Myt | 1 Project Management | 2026-04-13 | 7.1 High |
| MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind, or stacked query payloads to extract sensitive database information or manipulate data. | ||||
| CVE-2026-6193 | 2026-04-13 | 7.3 High | ||
| A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-6191 | 2026-04-13 | 6.3 Medium | ||
| A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-6190 | 2026-04-13 | 6.3 Medium | ||
| A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-39479 | 2 Brainstorm Force, Wordpress | 2 Ottokit, Wordpress | 2026-04-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through <= 1.1.20. | ||||
| CVE-2026-39466 | 2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform | 2 Wordpress, Broken Link Checker | 2026-04-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through <= 2.4.7. | ||||
| CVE-2026-6149 | 1 Code-projects | 1 Vehicle Showroom Management System | 2026-04-13 | 7.3 High |
| A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-6182 | 2026-04-13 | 7.3 High | ||
| A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-5207 | 2 Chrisbadgett, Wordpress | 2 Lifterlms – Wp Lms For Elearning, Online Courses, & Quizzes, Wordpress | 2026-04-13 | 6.5 Medium |
| The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level access and above who have the edit_post capability on the quiz, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-15441 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-04-13 | N/A |
| The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts. | ||||
| CVE-2026-5828 | 1 Code-projects | 1 Simple It Discussion Forum | 2026-04-13 | 7.3 High |
| A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5823 | 1 Itsourcecode | 1 Construction Management System | 2026-04-13 | 6.3 Medium |
| A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-34185 | 1 Hydrosystem | 1 Control System | 2026-04-13 | N/A |
| Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control System version 9.8.5 | ||||
| CVE-2026-5840 | 1 Phpgurukul | 1 News Portal Project | 2026-04-13 | 4.7 Medium |
| A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5813 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-13 | 7.3 High |
| A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4112 | 1 Sonicwall | 1 Sma1000 | 2026-04-13 | N/A |
| Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | ||||
| CVE-2026-5814 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-13 | 7.3 High |
| A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5839 | 1 Phpgurukul | 1 News Portal Project | 2026-04-13 | 4.7 Medium |
| A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-5829 | 1 Code-projects | 1 Simple It Discussion Forum | 2026-04-13 | 7.3 High |
| A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5824 | 1 Code-projects | 1 Simple Laundry System | 2026-04-13 | 7.3 High |
| A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||