Total: 16716 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34114 | 1 Dataease | 1 Dataease | 2025-09-24 | 8.8 High |
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. | ||||
CVE-2023-4661 | 1 Adobe | 1 Connect | 2025-09-24 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9. | ||||
CVE-2024-50389 | 1 Qnap | 1 Qurouter | 2025-09-24 | 9.8 Critical |
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later. | ||||
CVE-2025-50860 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.5 Medium |
SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter. | ||||
CVE-2025-50926 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | 6.5 Medium |
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function. | ||||
CVE-2025-9255 | 1 Uniong | 1 Webitr | 2025-09-23 | 7.5 High |
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
CVE-2025-34038 | 1 Weaver | 1 E-cology | 2025-09-23 | 7.5 High |
A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. | ||||
CVE-2025-10781 | 1 Campcodes | 1 Online Learning Management System | 2025-09-23 | 7.3 High |
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
CVE-2025-10782 | 1 Campcodes | 1 Online Learning Management System | 2025-09-23 | 7.3 High |
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/class.php. Performing manipulation of the argument class_name results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. | ||||
CVE-2025-10783 | 1 Campcodes | 1 Online Learning Management System | 2025-09-23 | 7.3 High |
A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to SQL injection. The attack may be performed remotely. The exploit has been made available to the public and could be exploited. | ||||
CVE-2025-10784 | 1 Campcodes | 1 Online Learning Management System | 2025-09-23 | 7.3 High |
A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
CVE-2025-10812 | 2 Angeljudesuarez, Code-projects | 2 Hostel Management System, Hotel Management System | 2025-09-23 | 7.3 High |
A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-10813 | 2 Angeljudesuarez, Code-projects | 2 Hostel Management System, Hotel Management System | 2025-09-23 | 7.3 High |
A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
CVE-2025-57631 | 1 Tduckcloud | 2 Tduck, Tduckpro | 2025-09-23 | 9.8 Critical |
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module. | ||||
CVE-2025-55885 | 1 Ard | 1 Ard | 2025-09-23 | 6.3 Medium |
SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php. | ||||
CVE-2025-58686 | 2 Quadlayers, Wordpress | 2 Perfect Brands For Woocommerce, Wordpress | 2025-09-23 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce allows SQL Injection. This issue affects Perfect Brands for WooCommerce: from n/a through 3.6.0. | ||||
CVE-2025-53468 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in [email protected] Wp tabber widget allows SQL Injection. This issue affects Wp tabber widget: from n/a through 4.0. | ||||
CVE-2025-59570 | 2 Wordpress, Wpfunnels | 2 Wordpress, Mail Mint Plugin | 2025-09-23 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6. | ||||
CVE-2024-51444 | 1 Siemens | 1 Polarion Alm | 2025-09-23 | 6.5 Medium |
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows downloading any data from the application's database. | ||||
CVE-2025-29980 | 1 Centralsquare | 1 Etrakit.net | 2025-09-23 | 9.8 Critical |
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development. |