Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Althoug
A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.
CVE-2025-3011
CRITICAL CVSS 9.8
Find Similar
SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ab
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.Th
CVE-2024-9972
CRITICAL CVSS 9.8
Find Similar
Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-42647
CRITICAL CVSS 9.3
Find Similar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.
CVE-2024-44349
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_
CVE-2025-50240
CRITICAL CVSS 9.8
Find Similar
nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin audio4-html5 allows Blind SQL Injec
Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option.
Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.
EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitizati
CVE-2024-42327
CRITICAL CVSS 9.9
Find Similar
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRel
Next Click Ventures RealtyScript 4.0.2 contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting arbitrary SQL code through the GET parame
Page 1+ Next →