Total
16332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47587 | 1 Yaycommerce | 1 Yaysmtp | 2025-06-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows Blind SQL Injection. This issue affects YaySMTP: from n/a through 2.6.4. | ||||
| CVE-2025-48278 | 1 Davidfcarr | 1 Rsvpmarker | 2025-06-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.5.6. | ||||
| CVE-2025-4778 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-06-24 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5433 | 1 Fengoffice | 1 Feng Office | 2025-06-24 | 6.3 Medium |
| A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5569 | 1 Ideacms | 1 Ideacms | 2025-06-24 | 6.3 Medium |
| A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component. | ||||
| CVE-2025-36528 | 2 Manageengine, Zohocorp | 2 Adaudit Plus, Manageengine Adaudit Plus | 2025-06-24 | 8.3 High |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | ||||
| CVE-2025-26136 | 2 Mysiteforme, Wangl1989 | 2 Mysiteforme, Mysiteforme | 2025-06-24 | 9.8 Critical |
| A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. | ||||
| CVE-2024-51165 | 1 Ketr | 1 Jepaas | 2025-06-24 | 7.5 High |
| SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
| CVE-2024-57430 | 1 Phpjabbers | 1 Cinema Booking System | 2025-06-24 | 9.8 Critical |
| An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation. | ||||
| CVE-2025-4738 | 2025-06-23 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170. | ||||
| CVE-2025-6267 | 2025-06-23 | 6.3 Medium | ||
| A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6276 | 2025-06-23 | 6.3 Medium | ||
| A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52822 | 2025-06-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through 2.1.3. | ||||
| CVE-2025-52821 | 2025-06-23 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7. | ||||
| CVE-2025-6339 | 1 Ponaravindb | 1 Hospital Management System | 2025-06-23 | 7.3 High |
| A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6277 | 2025-06-23 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3856 | 1 Xxyopen | 1 Novel-plus | 2025-06-23 | 6.3 Medium |
| A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3872 | 1 Centreon | 1 Centreon Web | 2025-06-23 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4. | ||||
| CVE-2025-3893 | 1 Jan Syski | 1 Megabip | 2025-06-23 | N/A |
| While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Input provided by the the user is not sanitized, leading to SQL Injection vulnerability. Version 5.20 of MegaBIP fixes this issue. | ||||
| CVE-2025-40665 | 1 Tcman | 1 Gim | 2025-06-23 | N/A |
| Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx. | ||||