Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-13148
CRITICAL CVSS 9.8
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform:
BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpol
CVE-2025-8324
CRITICAL CVSS 9.8
Find Similar
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST para
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentiona
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ad_list.php?action=pass of the component Keyword Filteri
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Websit
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection.This issue affects Zoho Flow: from n/a through
CVE-2025-4822
CRITICAL CVSS 9.8
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Ot
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor split-test-for-elementor allows SQL Injection.This issue a
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter b
CVE-2026-42774
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1
CVE-2025-39496
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pr
CVE-2025-22929
CRITICAL CVSS 9.8
Find Similar
OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the filter_id parameter at /students/StudentFilters.php.
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
Page 1+ Next →