Total
19295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1508 | 1 Adampos | 1 Mobilmen El Terminali Yazilimi | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3. | |||||
| CVE-2023-1267 | 1 Pttemkart | 1 Pttem Kart | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. | |||||
| CVE-2023-1251 | 1 Akinsoft | 1 Wolvox | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | |||||
| CVE-2023-1198 | 1 Saysis | 1 Starcities | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3. | |||||
| CVE-2023-1153 | 1 Pacsrapor | 1 Pacsrapor | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22. | |||||
| CVE-2023-1152 | 1 Utarit | 1 Persolus | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | |||||
| CVE-2023-1091 | 1 Alpatateknoloji | 1 Licensed Warehousing Automation System | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01. | |||||
| CVE-2023-1064 | 1 Uzaybaskul | 1 Weighbridge Automation Software | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection. This issue affects Weighbridge Automation Software: before 1.1. | |||||
| CVE-2023-1050 | 1 Askoc | 1 Web Report System | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection. This issue affects Web Report System: before 23.03.10. | |||||
| CVE-2023-0979 | 1 Meddatapacs | 1 Meddatapacs | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS : before 2023-03-03. | |||||
| CVE-2023-0939 | 1 Online Services Project | 1 Online Services | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection. This issue affects Online Services Software: before 1.17. | |||||
| CVE-2026-10249 | 2026-06-01 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-10250 | 2026-06-01 | 7.5 HIGH | 7.3 HIGH | ||
| A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2023-1547 | 1 Elra | 1 Parkmatik | 2026-06-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | |||||
| CVE-2026-39229 | 2026-05-29 | N/A | 6.5 MEDIUM | ||
| Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information | |||||
| CVE-2018-25398 | 2026-05-29 | N/A | 8.2 HIGH | ||
| The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details. | |||||
| CVE-2018-25403 | 2026-05-29 | N/A | 8.2 HIGH | ||
| The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data. | |||||
| CVE-2018-25402 | 2026-05-29 | N/A | 8.2 HIGH | ||
| The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data. | |||||
| CVE-2018-25400 | 2026-05-29 | N/A | 8.2 HIGH | ||
| The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL payloads to extract sensitive database information including schema names and other data. | |||||
| CVE-2018-25401 | 2026-05-29 | N/A | 8.2 HIGH | ||
| The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to extract sensitive database information including schema names and other data. | |||||