Search Results (19502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2687 | 1 Campcodes | 1 Online Job Finder System | 2025-04-10 | 6.3 Medium |
| A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387. | ||||
| CVE-2024-29873 | 2 Sapplica, Sentrifugo | 2 Sentrifugo, Sentrifugo | 2025-04-10 | 9.8 Critical |
| SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. | ||||
| CVE-2022-4059 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2025-04-10 | 9.8 Critical |
| The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2025-26605 | 1 Wegia | 1 Wegia | 2025-04-10 | 8.8 High |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-2944 | 1 Campcodes | 1 Online Examination System | 2025-04-10 | 6.3 Medium |
| A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035. | ||||
| CVE-2024-5314 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-10 | 9.1 Critical |
| Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in /dolibarr/admin/dict.php. | ||||
| CVE-2024-5315 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-10 | 9.1 Critical |
| Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in /dolibarr/commande/list.php. | ||||
| CVE-2022-4360 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2025-04-10 | 7.2 High |
| The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | ||||
| CVE-2024-28107 | 2 Phpmyfaq, Thorsten | 2 Phpmyfaq, Phpmyfaq | 2025-04-10 | 8.8 High |
| phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6. | ||||
| CVE-2024-57631 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57632 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57633 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57634 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57624 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57625 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57626 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57627 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the gc_col component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57628 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57629 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57630 | 1 Monetdb | 1 Monetdb | 2025-04-10 | 7.5 High |
| An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||