Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th
The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUserna
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request H
CVE-2024-9921
CRITICAL CVSS 9.8
Find Similar
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database co
CVE-2024-48465
CRITICAL CVSS 9.8
Find Similar
The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter
A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' paramet
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Inj
A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username r
A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the ar
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql
CVE-2026-39530
CRITICAL CVSS 9.3
Find Similar
Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
Page 1+ Next →