Total
14520 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54932 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | |||||
| CVE-2024-54931 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | |||||
| CVE-2024-52675 | 1 Oretnom23 | 1 Sentiment Based Movie Rating System | 2025-04-24 | N/A | 9.8 CRITICAL |
| SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. | |||||
| CVE-2024-32847 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2025-29651 | 1 Tp-link | 2 M7650, M7650 Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. | |||||
| CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2025-04-24 | N/A | 7.5 HIGH |
| SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter. | |||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter. | |||||
| CVE-2025-29652 | 1 Tp-link | 2 M7000, M7000 Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability exists in the TP-Link M7000 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. | |||||
| CVE-2025-29653 | 1 Tp-link | 2 M7450, M7450 Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. | |||||
| CVE-2025-29650 | 1 Tp-link | 2 M7200, M7200 Firmware | 2025-04-24 | N/A | 6.3 MEDIUM |
| SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. | |||||
| CVE-2025-3690 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3684 | 1 Xianqi | 1 Kindergarten Management System | 2025-04-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-29648 | 1 Tp-link | 2 Eap120, Eap120 Firmware | 2025-04-24 | N/A | 7.3 HIGH |
| SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. | |||||
| CVE-2025-29649 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2025-04-24 | N/A | 7.3 HIGH |
| SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. | |||||
| CVE-2024-55238 | 1 Open-metadata | 1 Openmetadata | 2025-04-24 | N/A | 7.1 HIGH |
| OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query. | |||||
| CVE-2025-3872 | 2025-04-24 | N/A | 7.2 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload. This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4. | |||||
| CVE-2025-3280 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value_filter' parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-0881 | 1 Codezips | 1 Gym Management System | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-32841 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-32839 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||