Total
17686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-67082 | 1 Invoiceplane | 1 Invoiceplane | 2026-01-22 | N/A | 6.5 MEDIUM |
| An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing of single quotes. | |||||
| CVE-2025-70892 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | N/A | 9.8 CRITICAL |
| Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint. | |||||
| CVE-2025-70893 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | N/A | 8.8 HIGH |
| A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions. | |||||
| CVE-2026-0803 | 1 Phpgurukul | 1 Online Course Registration System | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-0729 | 1 Carmelo | 1 Intern Membership Management System | 2026-01-22 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2026-0728 | 1 Carmelo | 1 Intern Membership Management System | 2026-01-22 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-15493 | 1 Docsys Project | 1 Docsys | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15492 | 1 Docsys Project | 1 Docsys | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15494 | 1 Docsys Project | 1 Docsys | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-61548 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-01-22 | N/A | 9.8 CRITICAL |
| SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2025-61943 | 1 Aveva | 1 Process Optimization | 2026-01-22 | N/A | 8.4 HIGH |
| The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server. | |||||
| CVE-2026-22687 | 1 Tencent | 1 Weknora | 2026-01-22 | N/A | 8.1 HIGH |
| WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5. | |||||
| CVE-2025-39481 | 1 Imithemes | 1 Eventer | 2026-01-22 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a before 3.11.4. | |||||
| CVE-2024-51539 | 1 Dell | 1 Secure Connect Gateway | 2026-01-21 | N/A | 2.3 LOW |
| The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. | |||||
| CVE-2023-39309 | 1 Avada | 1 Fusion Builder | 2026-01-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder. This issue affects Fusion Builder: from n/a through 3.11.1. | |||||
| CVE-2025-14227 | 1 Philipinho | 1 Simple-php-blog | 2026-01-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-30244 | 1 Church Admin Project | 1 Church Admin | 2026-01-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27. | |||||
| CVE-2025-66417 | 1 Glpi-project | 1 Glpi | 2026-01-21 | N/A | 7.5 HIGH |
| GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3. | |||||
| CVE-2025-28953 | 1 Axiomthemes | 1 Smartseo | 2026-01-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection. This issue affects smart SEO: from n/a through <= 4.0. | |||||
| CVE-2022-46764 | 2 Microsoft, Trueconf | 2 Windows, Server | 2026-01-21 | N/A | 9.8 CRITICAL |
| A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. | |||||
