Total
16115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7764 | 1 Vanna-ai | 1 Vanna | 2025-07-12 | N/A |
| Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the `generate_sql` function calls `extract_sql` with the LLM response. An attacker can include a semi-colon between a search data field and their own command, causing the `extract_sql` function to remove all LLM generated SQL and execute the attacker's command if it passes the `is_sql_valid` function. This allows the execution of user-defined SQL beyond the expected boundaries, notably the trained schema. | ||||
| CVE-2024-6452 | 1 Linlinjava | 1 Litemall | 2025-07-12 | 6.3 Medium |
| A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235. | ||||
| CVE-2024-47926 | 1 Tecnick | 1 Tcexam | 2025-07-12 | 9.8 Critical |
| Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2024-51620 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porsline allows Blind SQL Injection.This issue affects Porsline: from n/a through 1.0.2. | ||||
| CVE-2024-55983 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6. | ||||
| CVE-2024-5311 | 1 Digiwin | 1 Easyflow .net | 2025-07-12 | 9.8 Critical |
| DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records. | ||||
| CVE-2025-49421 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1. | ||||
| CVE-2024-51623 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mehrdad Farahani WP EIS allows SQL Injection.This issue affects WP EIS: from n/a through 1.3.3. | ||||
| CVE-2024-3770 | 1 Phpgurukul | 1 Student Record System | 2025-07-12 | 6.3 Medium |
| A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability. | ||||
| CVE-2025-49327 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7. | ||||
| CVE-2024-5106 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-07-12 | 6.3 Medium |
| A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_payment_details3.php. The manipulation of the argument index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265096. | ||||
| CVE-2025-32301 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown Pro WP Plugin allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through 2.7. | ||||
| CVE-2025-32550 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1. | ||||
| CVE-2024-49246 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1. | ||||
| CVE-2024-12031 | 2 Codetides, Wordpress | 2 Advanced Floating Content, Wordpress | 2025-07-12 | 6.5 Medium |
| The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-31911 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2. | ||||
| CVE-2025-31928 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support allows SQL Injection. This issue affects Multimedia Responsive Carousel with Image Video Audio Support: from n/a through 2.6.0. | ||||
| CVE-2024-12938 | 1 Code-projects | 1 Simple Admin Panel | 2025-07-12 | 6.3 Medium |
| A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-47599 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11. | ||||
| CVE-2024-54284 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10. | ||||