Total
16791 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9339 | 2025-10-21 | N/A | N/A | ||
| SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user to send a payload of up to 20 characters. Identified use case allows to delete tables with a name of maximum 6 characters. We weren't able to identify a way to exfiltrate data within query character limit. This issue affects SIMPLE.ERP in versions before 6.30@a04.3. | |||||
| CVE-2025-26392 | 2025-10-21 | N/A | 5.4 MEDIUM | ||
| SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. | |||||
| CVE-2025-60783 | 2025-10-21 | N/A | 6.5 MEDIUM | ||
| There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings. | |||||
| CVE-2025-47902 | 2025-10-21 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5. | |||||
| CVE-2025-62658 | 2025-10-21 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44. | |||||
| CVE-2025-11691 | 2025-10-21 | N/A | 7.5 HIGH | ||
| The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the Enable Legacy Price Calculations setting is enabled. | |||||
| CVE-2025-60307 | 1 Carmelo | 1 Computer Laboratory System | 2025-10-21 | N/A | 9.8 CRITICAL |
| code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts. | |||||
| CVE-2025-11605 | 1 Code-projects | 1 Client Details System | 2025-10-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-40755 | 1 Siemens | 1 Sinec Nms | 2025-10-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570) | |||||
| CVE-2025-41018 | 1 Sergestec | 1 Exito | 2025-10-21 | N/A | 9.8 CRITICAL |
| SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'. | |||||
| CVE-2025-61540 | 1 Myupb | 1 Ultimate Php Board | 2025-10-21 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php. | |||||
| CVE-2025-11558 | 1 Fabianros | 1 E-commerce Website | 2025-10-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-11604 | 1 Projectworlds | 1 Online Food Ordering System | 2025-10-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-11551 | 1 Carmelo | 1 Student Result Manager | 2025-10-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-11552 | 1 Fabianros | 1 Online Complaint Site | 2025-10-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-11553 | 1 Carmelogarcia | 1 Courier Management System | 2025-10-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-11555 | 1 Campcodes | 1 Online Learning Management System | 2025-10-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-11556 | 1 Carmelo | 1 Simple Leave Manager | 2025-10-20 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2025-11557 | 1 Projectworlds | 1 Gate Pass Management System | 2025-10-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-57833 | 1 Djangoproject | 1 Django | 2025-10-20 | N/A | 7.1 HIGH |
| An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). | |||||