Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19746 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19746 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55721 1 Stonefly 2 Storage Concentrator, Storage Concentrator Virtual Machine 2026-07-06 9.3 Critical
Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys.
CVE-2026-34099 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current user, schema names, and table contents.
CVE-2026-34100 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34101 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34102 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34103 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34104 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34105 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-57683 2 Epsiloncool, Wordpress 2 Wp Fast Total Search, Wordpress 2026-07-06 9.3 Critical
Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.
CVE-2026-57756 2 Wordpress, 友人a丶 2 Wordpress, Nicen-localize-image 2026-07-06 8.5 High
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
CVE-2026-4321 1 Raera 1 Destekz 2026-07-06 9.8 Critical
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
CVE-2026-14659 1 Itsourcecode 1 Hospital Management System 2026-07-06 6.3 Medium
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14809 2026-07-06 7.5 High
Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2026-14755 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-06 7.3 High
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14743 1 Code-projects 1 Real State Services 2026-07-06 7.3 High
A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-14653 1 Sourcecodester 1 Simple And Nice Shopping Cart Script 2026-07-06 7.3 High
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-14734 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-06 7.3 High
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-14701 1 Code-projects 1 Internship Management System 2026-07-06 6.3 Medium
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
CVE-2026-14640 1 Codeastro 1 Apartment Visitor Management System 2026-07-06 7.3 High
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2026-14648 1 Code-projects 1 Online Voting System 2026-07-06 7.3 High
A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.