CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (16717 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-21179	1 Koa2-blog Project	1 Koa2-blog	2024-11-21	9.8 Critical
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.
CVE-2020-21176	1 Thinkjs	1 Thinkjs	2024-11-21	9.8 Critical
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
CVE-2020-21133	1 Metinfo	1 Metinfo	2024-11-21	9.8 Critical
SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.
CVE-2020-21132	1 Metinfo	1 Metinfo	2024-11-21	9.8 Critical
SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.
CVE-2020-21131	1 Metinfo	1 Metinfo	2024-11-21	7.2 High
SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage.
CVE-2020-21127	1 Metinfo	1 Metinfo	2024-11-21	9.8 Critical
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVE-2020-21121	1 Kliqqi	1 Kliqqi Cms	2024-11-21	9.8 Critical
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
CVE-2020-21013	1 Emlog	1 Emlog	2024-11-21	7.2 High
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
CVE-2020-21012	1 Hotel And Lodge Booking Management System Project	1 Hotel And Lodge Booking Management System	2024-11-21	9.8 Critical
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2020-20981	1 Metinfo	1 Metinfo	2024-11-21	7.5 High
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
CVE-2020-20975	1 Gxlcms	1 Gxlcms	2024-11-21	9.8 Critical
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
CVE-2020-20800	1 Metinfo	1 Metinfo	2024-11-21	9.8 Critical
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
CVE-2020-20797	1 Flamecms Project	1 Flamecms	2024-11-21	9.8 Critical
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
CVE-2020-20796	1 Flamecms Project	1 Flamecms	2024-11-21	9.8 Critical
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
CVE-2020-20692	1 Gilacms	1 Gila Cms	2024-11-21	7.2 High
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVE-2020-20675	1 Nuishop	1 Nuishop	2024-11-21	9.8 Critical
Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/.
CVE-2020-20625	1 Slicedinvoices	1 Sliced Invoices	2024-11-21	7.5 High
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
CVE-2020-20585	1 Metinfo	1 Metinfo	2024-11-21	7.5 High
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
CVE-2020-20583	1 8cms	1 Ljcms	2024-11-21	7.5 High
A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.
CVE-2020-20474	1 White Shark Systems Project	1 White Shark Systems	2024-11-21	7.5 High
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the default_task_edituser.php files failing to filter the csa_to_user parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.

« first previous Page 729 of 836. next last »