Total
17126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34243 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-17 | N/A |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34242 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-17 | N/A |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34241 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-17 | N/A |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-34240 | 1 Advantech | 2 Webaccess/vpn, Webaccess\/vpn | 2025-11-17 | N/A |
| Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | ||||
| CVE-2025-12928 | 2 Code-projects, Fabian | 2 Online Job Search Engine, Online Job Search Engine | 2025-11-17 | 7.3 High |
| A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-13075 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-13076 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2025-0585 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | 9.8 Critical |
| The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2025-10087 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-63718 | 2 Pamzey, Sourcecodester | 2 Patients Waiting Area Queue Management System, Patient Queue Management System | 2025-11-17 | 6.5 Medium |
| A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | ||||
| CVE-2024-44636 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. | ||||
| CVE-2024-44639 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. | ||||
| CVE-2024-44640 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. | ||||
| CVE-2021-47693 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database. | ||||
| CVE-2020-36869 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 7.2 High |
| Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database. | ||||
| CVE-2020-36859 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database. | ||||
| CVE-2016-15050 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authenticated user to manipulate database queries. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly. | ||||
| CVE-2024-55016 | 1 Phpgurukul | 2 Student Management System, Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. | ||||
| CVE-2024-44630 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender. | ||||
| CVE-2024-44632 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. | ||||