Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can mo
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. A
CVE-2026-33615
CRITICAL CVSS 9.1
Find Similar
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This c
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parame
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command.
CVE-2024-9972
CRITICAL CVSS 9.8
Find Similar
Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET r
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parame
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. A
SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdat
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter.
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can sub
A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. At
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting maliciou
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers c