Total
16755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51971 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 5.4 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code. | ||||
| CVE-2025-51972 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2025-09-09 | 6.5 Medium |
| A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | ||||
| CVE-2025-10068 | 2 Emiloi, Itsourcecode | 2 Online Discussion Forum, Online Discussion Forum | 2025-09-09 | 7.3 High |
| A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-10078 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-10082 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-58450 | 2025-09-09 | N/A | ||
| pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a patch to mitigate such attempts. | ||||
| CVE-2025-56435 | 1 Foxcms | 1 Foxcms | 2025-09-09 | 5.3 Medium |
| SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file /DataBackup.php and the operation on the parameter id. | ||||
| CVE-2025-10077 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10076 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-51667 | 1 Ryansu | 1 Simple Admin | 2025-09-09 | 7 High |
| An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations. | ||||
| CVE-2025-10062 | 1 Itsourcecode | 1 Student Information Management System | 2025-09-09 | 7.3 High |
| A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9610 | 1 Carmelogarcia | 1 Online Event Judging System | 2025-09-09 | 7.3 High |
| A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well. | ||||
| CVE-2025-44033 | 1 Aaluoxiang | 1 Oasys | 2025-09-09 | 9.8 Critical |
| SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java | ||||
| CVE-2025-9665 | 1 Fabianros | 1 Simple Grading System | 2025-09-09 | 6.3 Medium |
| A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-58780 | 1 Sciencelogic | 1 Sl1 | 2025-09-08 | 7.2 High |
| index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability." | ||||
| CVE-2025-49218 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 7.7 High |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-49215 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 8.8 High |
| A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-49211 | 2 Microsoft, Trendmicro | 3 Windows, Endpoint Encryption Policy Server, Trend Micro Endpoint Encryption | 2025-09-08 | 7.7 High |
| A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2025-10087 | 2 Mayuri K, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-08 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10003 | 2025-09-08 | 6.5 Medium | ||
| The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘upload_file_remove’ function and 'htmlvar' parameter in all versions up to, and including, 1.2.44 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||