Total: 16796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60266 | 1 Bestfeng | 1 Xckk | 2025-10-16 | N/A | 6.5 MEDIUM |
| In xckk v9.6, the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability. | |||||
| CVE-2025-60267 | 1 Bestfeng | 1 Xckk | 2025-10-16 | N/A | 6.5 MEDIUM |
| In xckk v9.6, the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability. | |||||
| CVE-2025-60316 | 1 Mayurik | 1 Pet Grooming Management Software | 2025-10-16 | N/A | 9.4 CRITICAL |
| SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/view_customer.php via the ID parameter. | |||||
| CVE-2025-11736 | 1 Angeljudesuarez | 1 Online Examination System | 2025-10-16 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-11668 | 1 Fabian | 1 Automated Voting System | 2025-10-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-1958 | 1 Aaluoxiang | 1 Oa System | 2025-10-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in aaluoxiang oa_system 1.0. This issue affects some unknown processing of the file src/main/resources/mappers/address-mapper.xml. The manipulation of the argument outtype leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11629 | | | 2025-10-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-40711 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF. | |||||
| CVE-2025-40712 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura. | |||||
| CVE-2025-40713 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in /<Client>FacturaE/BusquedasFacturasSesion. | |||||
| CVE-2025-40714 | 1 Quiter | 1 Quiter Gateway | 2025-10-15 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp. | |||||
| CVE-2025-3846 | 1 Markparticle | 1 Webserver | 2025-10-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62389 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
| CVE-2025-62390 | 1 Ivanti | 1 Endpoint Manager | 2025-10-15 | N/A | 6.5 MEDIUM |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | |||||
