Total
16715 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10857 | 1 Campcodes | 2 Point Of Sale System, Point Of Sale System Pos | 2025-09-25 | 7.3 High |
| A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-29084 | 1 Cszcms | 1 Csz Cms | 2025-09-25 | 6.5 Medium |
| SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file. | ||||
| CVE-2025-54946 | 1 Sun.net | 1 Ehrd Ctms | 2025-09-25 | 9.8 Critical |
| A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2024-10440 | 2 Sun.net, Sunnet | 2 Ehrd Ctms, Ehrd Ctms | 2025-09-25 | 9.8 Critical |
| The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents. | ||||
| CVE-2025-26794 | 1 Exim | 1 Exim | 2025-09-25 | 7.5 High |
| Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. | ||||
| CVE-2025-10184 | 2 Google, Oneplus | 2 Android, Oxygenos | 2025-09-25 | N/A |
| The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers. | ||||
| CVE-2025-10805 | 1 Campcodes | 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System | 2025-09-24 | 6.3 Medium |
| A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10804 | 1 Campcodes | 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System | 2025-09-24 | 6.3 Medium |
| A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the argument mobilenum results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-10802 | 2 Code-projects, Fabian | 2 Online Bidding System, Online Bidding System | 2025-09-24 | 7.3 High |
| A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-10835 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-24 | 6.3 Medium |
| A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/view_payorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10836 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-24 | 7.3 High |
| A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10806 | 1 Campcodes | 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System | 2025-09-24 | 6.3 Medium |
| A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-10807 | 1 Campcodes | 2 Complete Online Beauty Parlor Management System, Online Beauty Parlor Management System | 2025-09-24 | 6.3 Medium |
| A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10801 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-24 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10800 | 2 Emiloi, Itsourcecode | 2 Online Discussion Forum, Online Discussion Forum | 2025-09-24 | 7.3 High |
| A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2022-43021 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.5 Medium |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. | ||||
| CVE-2022-43022 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.5 Medium |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | ||||
| CVE-2022-43023 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.5 Medium |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | ||||
| CVE-2022-43020 | 1 Opencats | 1 Opencats | 2025-09-24 | 6.5 Medium |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. | ||||
| CVE-2022-34114 | 1 Dataease | 1 Dataease | 2025-09-24 | 8.8 High |
| Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. | ||||