Export limit exceeded: 354389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19216 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6191 | 1 Webpdks | 2 Egehan Security, Webpdks | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6173 | 2026-05-20 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5155 | 1 Utarit | 2 Solipay Mobile, Solipay Mobile App | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | ||||
| CVE-2023-6436 | 1 Ekolbilisim | 1 Web Sablonu Yazilimi | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. | ||||
| CVE-2023-6441 | 2 Uni-pa University Marketing And Computer Internet Trade Inc, Unipa | 2 University Information System, University Information System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | ||||
| CVE-2026-8726 | 1 Typo3 | 1 Extension "news System" | 2026-05-20 | N/A |
| The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin to be in use and the TypoScript/Plugin setting disableOverrideDemand not to be enabled. | ||||
| CVE-2026-8827 | 1 Typo3 | 1 Extension "address List" | 2026-05-20 | N/A |
| The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection. | ||||
| CVE-2026-5586 | 1 Zhongyu09 | 1 Openchatbi | 2026-05-20 | 6.3 Medium |
| A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2023-6677 | 1 Oduyo | 1 Online Collection | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | ||||
| CVE-2023-7081 | 1 Postahsil | 1 Online Payment System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | ||||
| CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2026-05-20 | 9.4 Critical |
| The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | ||||
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2026-05-20 | 9.4 Critical |
| Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | ||||
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2026-05-20 | 9.4 Critical |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2022-2315 | 1 Databank | 1 Accreditation Tracking\/presentation Module | 2026-05-20 | 9.4 Critical |
| Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2022-2504 | 1 Sdd-baro Project | 1 Sdd-baro | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432. | ||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2026-05-20 | 9.8 Critical |
| SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11. | ||||
| CVE-2022-3760 | 1 Miateknoloji | 1 Mia-med | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. | ||||
| CVE-2022-3792 | 1 Gullseye | 1 Gullseye Terminal Operating System | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13. | ||||
| CVE-2022-4422 | 1 Bulutses | 1 Bulutdesk Callcenter | 2026-05-20 | 9.8 Critical |
| Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated Sql Injection vulnerability. This has been fixed in the version 3.0 | ||||
| CVE-2026-8724 | 1 Dataease | 1 Dataease | 2026-05-19 | 4.7 Medium |
| A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure. | ||||