Search Results (37408 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-24100 1 Carmelo 1 Computer Book Store 2025-04-10 8.3 High
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.
CVE-2024-24096 2 Carmelo, Code-projects 2 Computer Book Store, Computer Book Store 2025-04-10 7.8 High
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.
CVE-2007-10001 1 Web-cyradm Project 1 Web-cyradm 2025-04-10 3.5 Low
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.
CVE-2022-40049 1 Theme Park Ticketing System Project 1 Theme Park Ticketing System 2025-04-10 7.5 High
SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.
CVE-2022-39072 1 Zte 4 Mf286r, Mf286r Firmware, Mf289d and 1 more 2025-04-10 5.4 Medium
There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks.
CVE-2024-28279 2 Carmelo, Code-projects 2 Computer Book Store, Computer Book Store 2025-04-10 7.3 High
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.
CVE-2022-22338 1 Ibm 1 Sterling B2b Integrator 2025-04-10 6.3 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510.
CVE-2024-39933 1 Gogs 1 Gogs 2025-04-10 7.7 High
Gogs through 0.13.0 allows argument injection during the tagging of a new release.
CVE-2024-30985 1 Phpgurukul 1 Client Management System 2025-04-10 9.8 Critical
SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters.
CVE-2024-30990 1 Phpgurukul 1 Client Management System 2025-04-10 9.8 Critical
SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter.
CVE-2025-0272 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-10 5.4 Medium
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2014-125046 1 Cub-scout-tracker Project 1 Cub-scout-tracker 2025-04-10 5.5 Medium
A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551.
CVE-2022-47523 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2025-04-09 9.8 Critical
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
CVE-2022-25721 1 Qualcomm 90 Aqt1000, Aqt1000 Firmware, Mdm9150 and 87 more 2025-04-09 6.7 Medium
Memory corruption in video driver due to type confusion error during video playback
CVE-2022-4719 1 Ikus-soft 1 Rdiffweb 2025-04-09 9.8 Critical
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVE-2025-3119 1 Oretnom23 1 Online Tutor Portal 2025-04-09 6.3 Medium
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3137 1 Phpgurukul 1 Online Security Guards Hiring System 2025-04-09 7.3 High
A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3138 1 Phpgurukul 1 Online Security Guards Hiring System 2025-04-09 7.3 High
A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3140 1 Oretnom23 1 Online Medicine Ordering System 2025-04-09 6.3 Medium
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3141 1 Oretnom23 1 Online Medicine Ordering System 2025-04-09 6.3 Medium
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.