Export limit exceeded: 23531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19732 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19732 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41271 1 Sap 1 Netweaver Process Integration 2025-04-22 9.4 Critical
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection
CVE-2022-46126 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.
CVE-2022-46125 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.
CVE-2022-46124 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.
CVE-2022-46123 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.
CVE-2024-57760 1 Jeewms 1 Jeewms 2025-04-21 6.5 Medium
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.
CVE-2024-52724 1 Zzcms 1 Zzcms 2025-04-21 9.8 Critical
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
CVE-2022-41272 1 Sap 1 Netweaver Process Integration 2025-04-21 9.9 Critical
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.
CVE-2024-50713 1 Smarts-srl 1 Smart Agent 2025-04-21 9.8 Critical
SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.
CVE-2024-50716 1 Smarts-srl 1 Smart Agent 2025-04-21 9.8 Critical
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component.
CVE-2022-46127 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
CVE-2021-31650 1 Online Grading System Project 1 Online Grading System 2025-04-21 9.8 Critical
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
CVE-2022-24281 1 Siemens 1 Sinec Network Management System 2025-04-21 7.2 High
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
CVE-2014-2023 1 Tapatalk 1 Tapatalk 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
CVE-2017-17594 1 Domainsale Php Script Project 1 Domainsale Php Script 2025-04-20 N/A
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2015-4724 1 Concretecms 1 Concrete Cms 2025-04-20 N/A
SQL injection vulnerability in Concrete5 5.7.3.1.
CVE-2017-17602 1 Advance B2b Script Project 1 Advance B2b Script 2025-04-20 N/A
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
CVE-2015-7390 1 Testlink 1 Testlink 2025-04-20 N/A
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
CVE-2017-17592 1 Website Auction Marketplace Project 1 Website Auction Marketplace 2025-04-20 N/A
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 1 Realestate Crowdfunding Script Project 1 Realestate Crowdfunding Script 2025-04-20 N/A
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.