Total
18779 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15420 | 1 Yonyou | 1 Ksoa | 2026-02-23 | 7.3 High |
| A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15410 | 2 Anisha, Code-projects | 2 Online Guitar Store, Online Guitar Store | 2026-02-23 | 7.3 High |
| A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-15407 | 2 Anisha, Code-projects | 2 Online Guitar Store, Online Guitar Store | 2026-02-23 | 7.3 High |
| A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-55320 | 1 Microsoft | 5 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 2 more | 2026-02-22 | 6.8 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2024-38889 | 1 Horizoncloud | 1 Caterease | 2026-02-20 | 9.6 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command. | ||||
| CVE-2020-37151 | 1 Ciprianmp | 1 Phpmychat-plus | 2026-02-20 | 8.2 High |
| phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field. | ||||
| CVE-2025-70397 | 1 Jizhicms | 1 Jizhicms | 2026-02-19 | 7.2 High |
| jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter. | ||||
| CVE-2022-50694 | 1 Sound4 | 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more | 2026-02-18 | 9.8 Critical |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information. | ||||
| CVE-2025-70981 | 2 Cordys, Fit2cloud | 2 Cordyscrm, Cordys Crm | 2026-02-18 | 9.8 Critical |
| CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. | ||||
| CVE-2022-31348 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | ||||
| CVE-2022-31354 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | ||||
| CVE-2022-31344 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | ||||
| CVE-2022-31347 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | ||||
| CVE-2022-31346 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | ||||
| CVE-2022-31351 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | ||||
| CVE-2022-31343 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | ||||
| CVE-2022-31350 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | ||||
| CVE-2022-31353 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | ||||
| CVE-2022-31352 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | ||||
| CVE-2022-31345 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 9.8 Critical |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | ||||