Export limit exceeded: 19631 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13541 1 Itsourcecode 1 Hospital Management System 2026-06-29 6.3 Medium
A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /doctorchangepassword.php. Executing a manipulation of the argument newpassword can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVE-2026-13559 1 Code-projects 1 Real State Services 2026-06-29 7.3 High
A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-13486 1 Sourcecodester 1 Class And Exam Timetabling System 2026-06-29 7.3 High
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument course_year_section can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-13485 1 Sourcecodester 1 Class And Exam Timetabling System 2026-06-29 7.3 High
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVE-2026-13525 1 Codeastro 1 Human Resource Management System 2026-06-29 6.3 Medium
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employee_model.php of the component Update_Earn_Leave Endpoint. The manipulation of the argument emid results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2026-13531 1 Itsourcecode 1 Hospital Management System 2026-06-29 6.3 Medium
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2026-13555 1 Itsourcecode 1 Online Hotel Management System 2026-06-29 7.3 High
A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/mod_users/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2026-13331 2 Trainingbusinesspros, Wordpress 2 Groundhogg — Crm, Newsletters, And Marketing Automation, Wordpress 2026-06-27 6.5 Medium
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with marketer-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-40083 1 Cacti 1 Cacti 2026-06-27 7.2 High
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Then, at lines 760 to 766, the deserialized array values are passed directly into db_execute('DELETE FROM snmpagent_managers WHERE id IN (' . implode(',', $selected_items) . ')'), where they are imploded into the SQL statement without any integer validation, resulting in SQL Injection when using SNMP agent management permissions. This issue has been fixed in version 1.2.31.
CVE-2026-57643 2 Afthemes, Wordpress 2 Wp Post Author, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in WP Post Author <= 3.9.1 versions.
CVE-2026-57653 2 Wordpress, Wpjobportal 2 Wordpress, Wp Job Portal 2026-06-26 8.5 High
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
CVE-2026-54825 2 Wordpress, Wpdatatables 2 Wordpress, Wpdatatables 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
CVE-2026-56064 2 Themefic, Wordpress 2 Tourfic, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
CVE-2026-57631 2 Ays-pro, Wordpress 2 Popup Box, Wordpress 2026-06-26 7.6 High
Administrator SQL Injection in Popup box <= 6.0.1 versions.
CVE-2026-57636 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
CVE-2026-57662 2 Wasiliy Strecker, Wordpress 2 Contest Gallery, Wordpress 2026-06-26 8.5 High
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
CVE-2026-54831 2 Paolo, Wordpress 2 Geodirectory, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
CVE-2026-56070 2 Themehunk, Wordpress 2 Advance Product Search, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
CVE-2026-39951 1 Cacti 1 Cacti 2026-06-26 7.6 High
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.
CVE-2026-37149 1 Anirudhkannanvp 1 Grocery Store Management System 2026-06-26 7.7 High
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement.