Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipul
A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of the argu
A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argum
CVE-2026-54419
CRITICAL CVSS 9.3
Find Similar
claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) contains multiple unauthenticated SQL injection vulnerab
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attack
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sen
CVE-2026-1477
CRITICAL CVSS 9.3
Find Similar
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in
CVE-2026-44381
CRITICAL CVSS 9.3
Find Similar
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow a
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/
CVE-2026-1475
CRITICAL CVSS 9.3
Find Similar
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation l
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a throu
CVE-2025-10266
CRITICAL CVSS 9.3
Find Similar
NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the a
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid al
CVE-2026-1483
CRITICAL CVSS 9.3
Find Similar
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in
A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa cau
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id paramete