Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers c
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/member_save.php. The man
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the l
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST r
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/member_update.php. The m
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Atta
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username leads to sql inje
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient in
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers
CVE-2026-1479
CRITICAL CVSS 9.3
Find Similar
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in
A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The mani
A vulnerability has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /loginuser.php of the component Login. The manipulation of the argument Username l
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.
A vulnerability classified as critical has been found in SourceCodester Electric Billing Management System 1.0. This affects an unknown part of the file /Actions.php?a=login. The manipulation of the a
A vulnerability was detected in Montodel House-Rental-Management up to 90010017b81265eb1ef3810268909f7719a33863. Affected by this issue is some unknown functionality of the file /login.php. The manipu
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can se
CVE-2024-44541
CRITICAL CVSS 9.8
Find Similar
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET r
CVE-2024-6527
CRITICAL CVSS 9.3
Find Similar
SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator's token to modify the
A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argume