Total: 17771 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6100 | | | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-49467 | | | 2025-06-16 | N/A | N/A |
| A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges. | |||||
| CVE-2025-5487 | | | 2025-06-16 | N/A | 7.2 HIGH |
| The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher. | |||||
| CVE-2025-6169 | | | 2025-06-16 | N/A | 9.8 CRITICAL |
| The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2023-46806 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A | 6.7 MEDIUM |
| An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||||
| CVE-2023-46807 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A | 6.7 MEDIUM |
| An SQL Injection vulnerability in a web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||||
| CVE-2025-26241 | 1 Osticket | 1 Osticket | 2025-06-13 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | |||||
| CVE-2025-45542 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||||
| CVE-2024-57459 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | |||||
| CVE-2023-0224 | 1 Givewp | 1 Givewp | 2025-06-13 | N/A | 9.8 CRITICAL |
| The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks. | |||||
| CVE-2025-44830 | 1 Engineercms Project | 1 Engineercms | 2025-06-13 | N/A | 9.8 CRITICAL |
| EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. | |||||
| CVE-2023-29881 | 1 Phpok | 1 Phpok | 2025-06-13 | N/A | 6.5 MEDIUM |
| phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. | |||||
| CVE-2024-40560 | 1 Project Team | 1 Tmall Demo | 2025-06-13 | N/A | 7.3 HIGH |
| Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2025-25426 | 1 Guchengwuyue | 1 Yshopmall | 2025-06-12 | N/A | 7.2 HIGH |
| yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. | |||||
| CVE-2025-26047 | 1 Olajowon | 1 Loggrove | 2025-06-12 | N/A | 5.1 MEDIUM |
| Loggrove v1.0 is vulnerable to SQL Injection in the read.py file. | |||||
| CVE-2025-45240 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 6.5 MEDIUM |
| foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. | |||||
| CVE-2025-44073 | 1 Seacms | 1 Seacms | 2025-06-12 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. | |||||
| CVE-2024-11269 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | N/A | 7.2 HIGH |
| The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing an Admin to perform SQL injection attacks. | |||||
| CVE-2024-11267 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-12 | N/A | 8.8 HIGH |
| The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing a user with the Contributor role to perform SQL injection attacks. | |||||
| CVE-2025-47785 | 1 Emlog | 1 Emlog | 2025-06-12 | N/A | 8.3 HIGH |
| Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | |||||
