Total CVEs

140,323

Critical Severity

3,747

High Severity

13,514

Last 7 Days

1,775
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,141 - 9,160 of 13,211 CVEs
CVE-2019-25524 HIGH - 8.2

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extra...

Vendor: Xooscripts
Product: XooGallery
Published: Mar 12, 2026
Source: NVD
CVE-2019-25523 HIGH - 8.2

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to cat.php with malicious cat_id values to bypass authentication, extract sensitive data,...

Vendor: Xooscripts
Product: XooGallery
Published: Mar 12, 2026
Source: NVD
CVE-2019-25522 HIGH - 8.2

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers can send GET requests to photo.php with malicious photo_id values to extract sensitive data, bypass au...

Vendor: Xooscripts
Product: XooGallery
Published: Mar 12, 2026
Source: NVD
CVE-2019-25521 HIGH - 8.2

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. Attackers can send GET requests to gal.php with malicious gal_id values to extract sensitive database information or modi...

Vendor: Xooscripts
Product: XooGallery
Published: Mar 12, 2026
Source: NVD
CVE-2019-25520 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and passw...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25519 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to execute...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25518 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter to ...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25517 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injection ...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25516 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. Attackers can send GET requests to gallery.php with malicious gallery_id values using UNION-b...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25515 HIGH - 7.5

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and �...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25514 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data from...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25513 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25512 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive database ...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25511 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using UNION-ba...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25510 HIGH - 8.2

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and passw...

Vendor: Jettweb
Product: Hazir Haber Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25509 HIGH - 8.2

XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database i...

Vendor: Xooscripts
Product: XooDigital
Published: Mar 12, 2026
Source: NVD
CVE-2019-25508 HIGH - 8.2

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat...

Vendor: Jettweb
Product: Hazir Ilan Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25488 HIGH - 8.2

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parame...

Vendor: Jettweb
Product: Rent A Car Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25482 HIGH - 8.2

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to ex...

Vendor: Jettweb
Product: Hazir Rent A Car Sitesi Scripti
Published: Mar 12, 2026
Source: NVD
CVE-2019-25481 HIGH - 8.2

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive d...

Vendor: Iscripts
Product: iScripts ReserveLogic
Published: Mar 12, 2026
Source: NVD