Total
16044 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25221 | 1 Luxsoft | 2 Luxcal, Luxcal Web Calendar | 2025-07-21 | N/A |
| The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. | ||||
| CVE-2025-53549 | 1 Matrix | 1 Matrix-rust-sdk | 2025-07-21 | N/A |
| The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the default sqlite-based store backend. Exploitation is unlikely, as no known clients currently use the API in this manner. This vulnerability is fixed in 0.13. | ||||
| CVE-2025-48299 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yayextra | 2025-07-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects YayExtra: from n/a through 1.5.5. | ||||
| CVE-2025-54043 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL Injection. This issue affects SMTP for Amazon SES: from n/a through 1.9. | ||||
| CVE-2025-48161 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaysmtp | 2025-07-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3. | ||||
| CVE-2025-54026 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through 1.4. | ||||
| CVE-2025-28959 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL Injection. This issue affects URL Shortener: from n/a through 3.0.7. | ||||
| CVE-2025-49876 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.2. | ||||
| CVE-2025-28982 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3. | ||||
| CVE-2025-52714 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows SQL Injection. This issue affects Traveler: from n/a through n/a. | ||||
| CVE-2025-32574 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | ||||
| CVE-2025-30936 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9. | ||||
| CVE-2025-52819 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2. | ||||
| CVE-2025-7754 | 2 Code-projects, Fabianros | 2 Patient Record Management System, Patient Record Management System | 2025-07-21 | 6.3 Medium |
| A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7735 | 2025-07-21 | 7.5 High | ||
| The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-7476 | 2 Code-projects, Fabianros | 2 Simple Car Rental System, Simple Car Rental System | 2025-07-18 | 7.3 High |
| A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7475 | 2 Code-projects, Fabianros | 2 Simple Car Rental System, Simple Car Rental System | 2025-07-18 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7753 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
| A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7752 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
| A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7751 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
| A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||