Total
18400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5150 | 2026-03-30 | 7.5 HIGH | 7.3 HIGH | ||
| A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-5148 | 2026-03-30 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-33643 | 2026-03-30 | N/A | 7.4 HIGH | ||
| SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go. | |||||
| CVE-2026-31799 | 2026-03-30 | N/A | 4.9 MEDIUM | ||
| Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "section_id" and "user_id", the /api/v2?cmd=get_home_stats endpoint passes the section_id, user_id, before, and after query parameters directly into SQL via Python %-string formatting without parameterization. An attacker who holds the Tautulli admin API key can inject arbitrary SQL and exfiltrate any value from the Tautulli SQLite database via boolean-blind inference. This issue has been patched in version 2.17.0. | |||||
| CVE-2026-29953 | 2026-03-30 | N/A | 7.4 HIGH | ||
| SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go. | |||||
| CVE-2026-5147 | 2026-03-30 | 7.5 HIGH | 7.3 HIGH | ||
| A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-33153 | 1 Tandoor | 1 Recipes | 2026-03-30 | N/A | 6.5 MEDIUM |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden `?debug=true` query parameter that returns the complete raw SQL query being executed, including all table names, column names, JOIN relationships, WHERE conditions (revealing access control logic), and multi-tenant space IDs. This parameter works even when Django's `DEBUG=False` (production mode) and is accessible to any authenticated user regardless of their privilege level. This allows a low-privilege attacker to map the entire database schema and reverse-engineer the authorization model. Version 2.6.0 patches the issue. | |||||
| CVE-2022-34132 | 1 Jorani | 1 Jorani | 2026-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | |||||
| CVE-2026-5033 | 1 Sherlock | 1 Accounting System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | |||||
| CVE-2026-5034 | 1 Sherlock | 1 Accounting System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2026-5035 | 1 Sherlock | 1 Accounting System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-30530 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands. | |||||
| CVE-2026-30531 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 8.8 HIGH |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands. | |||||
| CVE-2026-30532 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | |||||
| CVE-2026-30533 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | |||||
| CVE-2026-30534 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 8.3 HIGH |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | |||||
| CVE-2023-0332 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472. | |||||
| CVE-2022-29650 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2024-0247 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-36759 | 1 Oretnom23 | 1 Online Food Ordering System | 2026-03-30 | N/A | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | |||||