Total
18159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43468 | 1 Microsoft | 3 Configuration Manager 2403, Configuration Manager 2409, Configuration Manager 2503 | 2026-02-13 | N/A | 9.8 CRITICAL |
| Microsoft Configuration Manager Remote Code Execution Vulnerability | |||||
| CVE-2025-13379 | 1 Ibm | 1 Aspera Console | 2026-02-12 | N/A | 8.6 HIGH |
| IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2020-37112 | 1 Gunet | 1 Open Eclass Platform | 2026-02-12 | N/A | 7.1 HIGH |
| GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques. | |||||
| CVE-2025-64092 | 1 Zenitel | 4 Icx500, Icx500 Firmware, Icx510 and 1 more | 2026-02-12 | N/A | 7.5 HIGH |
| This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | |||||
| CVE-2025-10878 | 1 Omran | 1 Fikir Odalari Adminpando | 2026-02-12 | N/A | 10.0 CRITICAL |
| A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation). | |||||
| CVE-2026-2073 | 1 Itsourcecode | 1 School Management System | 2026-02-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2083 | 1 Code-projects | 1 Social Networking Site | 2026-02-12 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2059 | 1 Bontrofftech | 1 Medical Center Portal Management System | 2026-02-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-1602 | 1 Ivanti | 1 Endpoint Manager | 2026-02-12 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-39474 | 1 Thememove | 1 Amely | 2026-02-11 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4. | |||||
| CVE-2021-47918 | 1 Simplephpscripts | 1 Simple Cms Php | 2026-02-11 | N/A | 8.1 HIGH |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | |||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | N/A | 8.1 HIGH |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | |||||
| CVE-2025-63624 | 1 Sdkede | 2 Iot Smart Water Meter, Iot Smart Water Meter Firmware | 2026-02-11 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. | |||||
| CVE-2025-52025 | 1 Aptsys | 1 Gemscms Backend | 2026-02-11 | N/A | 9.4 CRITICAL |
| An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification. | |||||
| CVE-2026-2060 | 1 Fabian | 1 Simple Blood Donor Management System | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-69662 | 1 Geopandas | 1 Geopandas | 2026-02-11 | N/A | 8.6 HIGH |
| SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. | |||||
| CVE-2026-2134 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2136 | 1 Projectworlds | 1 Online Food Ordering System | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2158 | 1 Carmelo | 1 Student Web Portal | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. | |||||
| CVE-2026-2172 | 1 Fabian | 1 Online Application System For Admission | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||