Total
16868 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10802 | 1 Fabian | 1 Online Bidding System | 2025-09-24 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-10835 | 1 Mayurik | 1 Pet Grooming Management Software | 2025-09-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/view_payorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10836 | 1 Mayurik | 1 Pet Grooming Management Software | 2025-09-24 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/print1.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-10806 | 1 Campcodes | 1 Online Beauty Parlor Management System | 2025-09-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-10807 | 1 Campcodes | 1 Online Beauty Parlor Management System | 2025-09-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10801 | 1 Mayurik | 1 Pet Grooming Management Software | 2025-09-24 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10800 | 1 Emiloi | 1 Online Discussion Forum | 2025-09-24 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2022-43021 | 1 Opencats | 1 Opencats | 2025-09-24 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. | |||||
| CVE-2022-43022 | 1 Opencats | 1 Opencats | 2025-09-24 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. | |||||
| CVE-2022-43023 | 1 Opencats | 1 Opencats | 2025-09-24 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | |||||
| CVE-2022-43020 | 1 Opencats | 1 Opencats | 2025-09-24 | N/A | 6.5 MEDIUM |
| OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. | |||||
| CVE-2022-34114 | 1 Dataease | 1 Dataease | 2025-09-24 | N/A | 8.8 HIGH |
| Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. | |||||
| CVE-2023-4661 | 1 Adobe | 1 Connect | 2025-09-24 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9. | |||||
| CVE-2024-50389 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later | |||||
| CVE-2025-10184 | 2025-09-24 | N/A | N/A | ||
| The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers. | |||||
| CVE-2025-50860 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | N/A | 6.5 MEDIUM |
| SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter. | |||||
| CVE-2025-50926 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-09-24 | N/A | 6.5 MEDIUM |
| Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the List All Email Addresses function. | |||||
| CVE-2025-9255 | 1 Uniong | 1 Webitr | 2025-09-23 | N/A | 7.5 HIGH |
| WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | |||||
| CVE-2025-34038 | 1 Weaver | 1 E-cology | 2025-09-23 | N/A | 7.5 HIGH |
| A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes. | |||||
| CVE-2025-10781 | 1 Campcodes | 1 Online Learning Management System | 2025-09-23 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||