Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 CRITICAL17 HIGH2 MEDIUM
CVE-2019-25643
HIGH CVSS 8.8
Find Similar
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attac
NVD RRF 0.016
CVE-2018-25407
HIGH CVSS 8.8
Find Similar
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. At
NVD RRF 0.016
CVE-2018-25406
HIGH CVSS 8.8
Find Similar
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. At
NVD RRF 0.016
CVE-2018-25405
HIGH CVSS 8.8
Find Similar
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. At
NVD RRF 0.016
CVE-2018-25182
HIGH CVSS 8.8
Find Similar
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Atta
NVD RRF 0.015
CVE-2025-12707
HIGH CVSS 7.5
Find Similar
The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied
NVD RRF 0.015
CVE-2019-25732
HIGH CVSS 8.8
Find Similar
PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers
NVD RRF 0.015
CVE-2018-25179
HIGH CVSS 8.8
Find Similar
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can
NVD RRF 0.015
CVE-2018-25400
HIGH CVSS 8.8
Find Similar
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attac
NVD RRF 0.014
CVE-2019-25640
HIGH CVSS 8.8
Find Similar
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usin
NVD RRF 0.014
CVE-2017-20249
HIGH CVSS 8.8
Find Similar
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attack
NVD RRF 0.014
CVE-2024-44349
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
NVD RRF 0.014
CVE-2017-20261
HIGH CVSS 8.8
Find Similar
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product
NVD RRF 0.014
CVE-2025-6468
MEDIUM CVSS 5.5
Find Similar
A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bidnow.php. The manipulation of the argumen
fabian
NVD RRF 0.014
CVE-2019-25678
HIGH CVSS 8.8
Find Similar
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through t
gatech
NVD RRF 0.013
CVE-2025-10795
MEDIUM CVSS 5.5
Find Similar
A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injec
fabian
NVD RRF 0.013
CVE-2019-25503
HIGH CVSS 7.1
Find Similar
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Atta
blondish
NVD RRF 0.013
CVE-2018-25188
HIGH CVSS 8.8
Find Similar
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers
NVD RRF 0.013
CVE-2018-25415
HIGH CVSS 8.8
Find Similar
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers
NVD RRF 0.013
CVE-2017-20256
HIGH CVSS 8.8
Find Similar
Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter
NVD RRF 0.013
Page 1+ Next →