Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. T
CVE-2025-12462
CRITICAL CVSS 9.3
Find Similar
A Blind SQL injection vulnerability has been identified in DobryCMS.  A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injecti
CVE-2025-61385
CRITICAL CVSS 9.6
Find Similar
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQ
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized databas
CVE-2024-55099
CRITICAL CVSS 9.8
Find Similar
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database
CVE-2026-38581
CRITICAL CVSS 9.8
Find Similar
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) a
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can s
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST r
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan binary-mlm-plan allows SQL Injection.This issue affects Binar
CVE-2025-25389
CRITICAL CVSS 9.8
Find Similar
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request para
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This i
A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the f
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. Attackers
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to s
CVE-2025-26855
CRITICAL CVSS 9.8
Find Similar
A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.
A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanit
CVE-2025-52694
CRITICAL CVSS 9.8
Find Similar
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet
← Previous Page 5