Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
20 HIGH
CVE-2018-25182
HIGH CVSS 8.8
Find Similar
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Atta
NVD RRF 0.016
CVE-2018-25400
HIGH CVSS 8.8
Find Similar
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attac
NVD RRF 0.016
CVE-2019-25732
HIGH CVSS 8.8
Find Similar
PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers
NVD RRF 0.016
CVE-2019-25751
HIGH CVSS 8.8
Find Similar
Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST para
NVD RRF 0.016
CVE-2019-25668
HIGH CVSS 8.8
Find Similar
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers ca
phpscriptsmall
NVD RRF 0.015
CVE-2019-25503
HIGH CVSS 7.1
Find Similar
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Atta
blondish
NVD RRF 0.015
CVE-2017-20253
HIGH CVSS 8.8
Find Similar
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parame
NVD RRF 0.015
CVE-2019-25730
HIGH CVSS 8.8
Find Similar
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can se
NVD RRF 0.015
CVE-2019-25643
HIGH CVSS 8.8
Find Similar
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attac
NVD RRF 0.014
CVE-2017-20249
HIGH CVSS 8.8
Find Similar
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attack
NVD RRF 0.014
CVE-2019-25533
HIGH CVSS 8.8
Find Similar
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. A
NVD RRF 0.014
CVE-2020-37035
HIGH CVSS 8.8
Find Similar
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject
NVD RRF 0.014
CVE-2019-25500
HIGH CVSS 8.8
Find Similar
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can sen
simplejobscript
NVD RRF 0.014
CVE-2019-25638
HIGH CVSS 7.1
Find Similar
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. A
NVD RRF 0.014
CVE-2018-25414
HIGH CVSS 8.8
Find Similar
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers ca
NVD RRF 0.013
CVE-2019-25443
HIGH CVSS 8.8
Find Similar
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicio
NVD RRF 0.013
CVE-2018-25188
HIGH CVSS 8.8
Find Similar
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers
NVD RRF 0.013
CVE-2026-2236
HIGH CVSS 8.7
Find Similar
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
NVD RRF 0.013
CVE-2017-20245
HIGH CVSS 8.8
Find Similar
Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST paramet
NVD RRF 0.013
CVE-2016-20065
HIGH CVSS 8.8
Find Similar
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the select
NVD RRF 0.013
Page 1+ Next →