Export limit exceeded: 363351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19686 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19686 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2956 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2025-04-12 N/A
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7355 1 Sap 1 Bi Universal Data Integration 2025-04-12 N/A
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
CVE-2015-5641 1 Basercms 1 Basercms 2025-04-12 N/A
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5642 1 Icz 1 Matchasns 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2081 1 Iii 1 Vtls-virtua 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
CVE-2013-7406 1 Mrbs Project 1 Mrbs 2025-04-12 N/A
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2022 1 Vbulletin 1 Vbulletin 2025-04-12 N/A
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVE-2015-5648 1 Loenshotel 1 Phprechnung 2025-04-12 N/A
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6548 1 Symantec 1 Web Gateway 2025-04-12 N/A
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-3275 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
CVE-2015-6659 1 Drupal 1 Drupal 2025-04-12 N/A
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
CVE-2015-5599 1 Powerplay Gallery Project 1 Powerplay Gallery 2025-04-12 N/A
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
CVE-2016-9481 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
CVE-2014-10004 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2016-4837 1 Ec-cube 1 Discount Coupon 2025-04-12 9.8 Critical
SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-1609 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2025-04-12 N/A
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.
CVE-2014-1608 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2025-04-12 N/A
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
CVE-2016-3675 1 Huawei 2 Policy Center, Policy Center Firmware 2025-04-12 8.1 High
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.
CVE-2014-100012 1 Sendy 1 Sendy 2025-04-12 N/A
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
CVE-2016-5048 1 Readydesk 1 Readydesk 2025-04-12 N/A
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.