CWE-89 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (17583 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-3848	1 Wp User Merger Project	1 Wp User Merger	2025-04-25	8.8 High
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
CVE-2022-42109	1 Online-shopping-system-advanced Project	1 Online-shopping-system-advanced	2025-04-25	9.8 Critical
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.
CVE-2022-45329	1 Aerocms Project	1 Aerocms	2025-04-25	7.5 High
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
CVE-2022-3768	1 Wpsmartcontracts	1 Wpsmartcontracts	2025-04-25	8.8 High
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
CVE-2022-3751	1 Owncast Project	1 Owncast	2025-04-25	9.8 Critical
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.
CVE-2022-44291	1 Webtareas Project	1 Webtareas	2025-04-24	9.8 Critical
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44290	1 Webtareas Project	1 Webtareas	2025-04-24	9.8 Critical
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2022-44277	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.
CVE-2022-45328	1 Church Management System Project	1 Church Management System	2025-04-24	7.2 High
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
CVE-2022-44348	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.
CVE-2022-44347	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.
CVE-2022-44345	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.
CVE-2022-44296	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
CVE-2022-44295	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.
CVE-2022-44294	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
CVE-2022-44151	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	9.8 Critical
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVE-2022-30528	1 Isic.lk Project	1 Isic.lk	2025-04-24	9.8 Critical
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVE-2024-54927	1 Lopalopa	1 E-learning Management System	2025-04-24	7.2 High
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
CVE-2024-54928	1 Lopalopa	1 E-learning Management System	2025-04-24	7.2 High
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
CVE-2024-54934	1 Lopalopa	1 E-learning Management System	2025-04-24	9.8 Critical
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

« first previous Page 234 of 880. next last »