Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2024-13149
CRITICAL CVSS 9.8
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assess
CVE-2025-30971
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection.This issue affects XV Random Quo
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to versio
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Cred
CVE-2024-55976
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection.This issue affe
CVE-2025-46248
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows SQL Injection.This issue affects Fro
CVE-2025-31599
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync sync-wc-google allows SQL Injection.This issue affects Bulk Product Sync
SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors.
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects
CVE-2025-30524
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Injection.This issue affects Product Catalog:
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cnilsson iCafe Library icafe-library allows SQL Injection.This issue affects iCafe Library: from n
CVE-2024-12097
CRITICAL CVSS 9.8
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection. This issue affects E-Travel: before 15.12.20
CVE-2025-49452
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injection.This issue affects PostaPanduri: from n
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run a