Total: 17681 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-37033 | | | 2026-02-03 | N/A | 8.2 HIGH |
| Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information. | |||||
| CVE-2020-37057 | | | 2026-02-03 | N/A | 8.2 HIGH |
| Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information. | |||||
| CVE-2020-37035 | | | 2026-02-03 | N/A | 8.2 HIGH |
| e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information. | |||||
| CVE-2020-37051 | | | 2026-02-03 | N/A | 8.2 HIGH |
| Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters. | |||||
| CVE-2021-47918 | | | 2026-02-03 | N/A | 8.1 HIGH |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | |||||
| CVE-2020-37053 | | | 2026-02-03 | N/A | 7.1 HIGH |
| Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts. | |||||
| CVE-2025-8587 | | | 2026-02-03 | N/A | 8.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026. | |||||
| CVE-2026-1746 | | | 2026-02-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5319 | | | 2026-02-03 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection. This issue affects Efficiency Management System: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-25022 | | | 2026-02-03 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection. This issue affects KiviCare: from n/a through <= 3.6.16. | |||||
| CVE-2026-1432 | | | 2026-02-03 | N/A | N/A |
| SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. Exploiting this vulnerability could allow an attacker to execute queries on the database and gain access to confidential information. | |||||
| CVE-2026-21856 | 1 Tarkov | 1 Tarkov Data Manager | 2026-02-03 | N/A | 7.2 HIGH |
| The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch. | |||||
| CVE-2025-69562 | 1 Fabian | 1 Mobile Shop Management System | 2026-02-03 | N/A | 9.8 CRITICAL |
| code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | |||||
| CVE-2025-69563 | 1 Fabian | 1 Mobile Shop Management System | 2026-02-03 | N/A | 9.8 CRITICAL |
| code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | |||||
| CVE-2025-36588 | 1 Dell | 2 Unisphere For Powermax, Unisphere For Powermax Virtual Appliance | 2026-02-03 | N/A | 8.8 HIGH |
| Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |||||
| CVE-2026-1535 | 1 Fabian | 1 Online Music Site | 2026-02-02 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-1534 | 1 Fabian | 1 Online Music Site | 2026-02-02 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-1593 | 1 Angeljudesuarez | 1 Society Management System | 2026-02-02 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-1594 | 1 Angeljudesuarez | 1 Society Management System | 2026-02-02 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-1595 | 1 Angeljudesuarez | 1 Society Management System | 2026-02-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | |||||
