Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation
CVE-2023-37777
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint param
CVE-2024-42562
CRITICAL CVSS 9.8
Find Similar
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.
Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to s
CVE-2024-42782
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.
CVE-2025-1875
CRITICAL CVSS 9.3
Find Similar
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attac
CVE-2024-42568
CRITICAL CVSS 9.8
Find Similar
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.
A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library M
A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
CVE-2024-43040
CRITICAL CVSS 9.1
Find Similar
Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo.
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
CVE-2024-42572
CRITICAL CVSS 9.8
Find Similar
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.
A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetData