Vulnerabilities (CVE)

Filtered by CWE-89
Total 18281 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-25022 2026-02-03 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection. This issue affects KiviCare: from n/a through <= 3.6.16.
CVE-2026-21856 1 Tarkov 1 Tarkov Data Manager 2026-02-03 N/A 7.2 HIGH
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch.
CVE-2025-69562 1 Fabian 1 Mobile Shop Management System 2026-02-03 N/A 9.8 CRITICAL
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter.
CVE-2025-69563 1 Fabian 1 Mobile Shop Management System 2026-02-03 N/A 9.8 CRITICAL
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter.
CVE-2026-1535 1 Fabian 1 Online Music Site 2026-02-02 7.5 HIGH 7.3 HIGH
A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-1534 1 Fabian 1 Online Music Site 2026-02-02 7.5 HIGH 7.3 HIGH
A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-1593 1 Angeljudesuarez 1 Society Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipulation of the argument detail can lead to SQL injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-1594 1 Angeljudesuarez 1 Society Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of the argument detail leads to SQL injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2026-1595 1 Angeljudesuarez 1 Society Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results in SQL injection. The attack can be executed remotely. The exploit is now public and may be used.
CVE-2026-1176 1 Itsourcecode 1 School Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in SQL injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2020-36947 1 Librenms 1 Librenms 2026-02-02 N/A 7.1 HIGH
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
CVE-2026-1545 1 Angeljudesuarez 1 School Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-1551 1 Angeljudesuarez 1 School Management System 2026-02-02 6.5 MEDIUM 6.3 MEDIUM
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-1589 1 Angeljudesuarez 1 School Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-1590 1 Angeljudesuarez 1 School Management System 2026-02-02 7.5 HIGH 7.3 HIGH
A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2021-47811 1 Grocerycrud 1 Grocery Crud 2026-02-02 N/A 9.1 CRITICAL
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.
CVE-2025-41375 1 Limesurvey 1 Limesurvey 2026-01-30 N/A 9.8 CRITICAL
SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via the 'token' parameter in the '/index.php' endpoint.
CVE-2024-6933 1 Limesurvey 1 Limesurvey 2026-01-30 6.5 MEDIUM 6.3 MEDIUM
A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey General Settings Handler. This manipulation of the argument Language causes SQL injection. The attack can be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component.
CVE-2025-13001 1 Kieranoshea 1 Donations 2026-01-30 N/A 4.1 MEDIUM
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high-privilege users, such as admin, to perform SQL injection attacks.
CVE-2025-13000 1 Jimbob1953 1 Db-access 2026-01-30 N/A 7.7 HIGH
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQLi attacks.