Export limit exceeded: 17932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2094 | 1 Flowring | 1 Docpedia | 2026-02-10 | 8.8 High |
| Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2024-5653 | 1 Chanjetvip | 1 T\+ | 2026-02-10 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-62392 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62384 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-61548 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-10 | 9.8 Critical |
| SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands | ||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-15325 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.3 Medium |
| Tanium addressed an improper input validation vulnerability in Discover. | ||||
| CVE-2022-46763 | 2 Microsoft, Trueconf | 2 Windows, Server | 2026-02-10 | 8.8 High |
| A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. | ||||
| CVE-2020-37089 | 1 Arox | 1 School Erp Pro | 2026-02-10 | 8.2 High |
| School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information. | ||||
| CVE-2026-0610 | 1 Devolutions | 1 Devolutions Server | 2026-02-10 | 9.8 Critical |
| SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12 | ||||
| CVE-2020-37076 | 2 Victor Cms Project, Victoralagwu | 2 Victor Cms, Cmssite | 2026-02-10 | 8.2 High |
| Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques. | ||||
| CVE-2026-2235 | 1 Hgiga | 1 C&cm@il Package Olln-base | 2026-02-10 | 6.5 Medium |
| C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||