Export limit exceeded: 359291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19453 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19453 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47926 | 1 Tecnick | 1 Tcexam | 2026-04-15 | 9.8 Critical |
| Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2021-47708 | 1 Commax | 1 Smart Home System | 2026-04-15 | N/A |
| COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access. | ||||
| CVE-2025-1981 | 2026-04-15 | N/A | ||
| Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks. | ||||
| CVE-2024-43969 | 2026-04-15 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12. | ||||
| CVE-2021-47909 | 1 Techraft | 1 Mult-e-cart Ultimate | 2026-04-15 | 8.1 High |
| Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system. | ||||
| CVE-2025-22976 | 2026-04-15 | 7.1 High | ||
| SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module. | ||||
| CVE-2025-7798 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/system/structure/getdirectorydata/web/baseinfo/companyManage. The manipulation of the argument Struccture_ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10740 | 2 Rupok98, Wordpress | 2 Url Shortener Plugin For Wordpress, Wordpress | 2026-04-15 | 6.3 Medium |
| The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify links. | ||||
| CVE-2025-64104 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain | 2026-04-15 | 7.3 High |
| LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11. | ||||
| CVE-2025-42889 | 1 Sap | 1 Starter Solution | 2026-04-15 | 5.4 Medium |
| SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability. | ||||
| CVE-2025-55156 | 1 Pyload | 1 Pyload | 2026-04-15 | N/A |
| pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91. | ||||
| CVE-2021-47777 | 1 Ribccs | 1 Build Smart Erp | 2026-04-15 | 8.2 High |
| Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information. | ||||
| CVE-2019-25299 | 1 Rimbalinux | 1 Ahadpos | 2026-04-15 | 7.1 High |
| RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database. | ||||
| CVE-2019-25300 | 1 Thejshen | 1 Globitek Cms | 2026-04-15 | 7.1 High |
| thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information. | ||||
| CVE-2019-25303 | 1 Thejshen | 1 Contentmanagementsystem | 2026-04-15 | 7.1 High |
| TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information by crafting malicious query payloads. | ||||
| CVE-2023-3938 | 2026-04-15 | 4.6 Medium | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others. | ||||
| CVE-2024-13474 | 2026-04-15 | 7.5 High | ||
| The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-34992 | 2026-04-15 | 8.8 High | ||
| SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()' | ||||
| CVE-2024-5771 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13909 | 2 Accredible, Wordpress | 2 Accredible Certificates & Open Badges, Wordpress | 2026-04-15 | 4.9 Medium |
| The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||