Total
17686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0103 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | N/A | 8.8 HIGH |
| An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | |||||
| CVE-2024-7930 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30886 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2. | |||||
| CVE-2025-31910 | 1 Reputeinfosystems | 1 Bookingpress | 2026-01-23 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | |||||
| CVE-2024-7871 | 1 Easytest | 1 Easytest Online Test Platform | 2026-01-23 | N/A | 8.8 HIGH |
| SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. | |||||
| CVE-2023-7123 | 1 Oretnom23 | 1 Medicine Tracker System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php? f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. | |||||
| CVE-2022-47151 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 8.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
| CVE-2020-25760 | 1 Projectworlds | 1 Visitor Management System | 2026-01-23 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||||
| CVE-2024-7841 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-67081 | 1 Itflow | 1 Itflow | 2026-01-23 | N/A | 4.9 MEDIUM |
| An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing on integer parameter. | |||||
| CVE-2025-67811 | 1 Area9lyceum | 1 Rhapsode Learner | 2026-01-23 | N/A | 6.5 MEDIUM |
| Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond. | |||||
| CVE-2025-51626 | 1 Xiaoliuchu | 1 Pss.sale.com | 2026-01-22 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. | |||||
| CVE-2025-67281 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | N/A | 5.4 MEDIUM |
| In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content. | |||||
| CVE-2025-15496 | 1 Guchengwuyue | 1 Yshopmall | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2022-50892 | 1 Viaviweb | 1 Wallpaper Admin | 2026-01-22 | N/A | 8.2 HIGH |
| VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface. | |||||
| CVE-2024-32706 | 1 Reputeinfosystems | 1 Arforms | 2026-01-22 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. | |||||
| CVE-2025-59389 | 1 Qnap | 1 Hyper Data Protector | 2026-01-22 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later | |||||
| CVE-2026-0597 | 1 Campcodes | 1 Supplier Management System | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2026-0582 | 1 Angeljudesuarez | 1 Society Management System | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-0733 | 1 Phpgurukul | 1 Online Course Registration System | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||