Total
17781 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44839 | 1 Openrapid | 1 Rapidcms | 2025-04-22 | N/A | 9.8 CRITICAL |
| RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. | |||||
| CVE-2024-45771 | 1 Openrapid | 1 Rapidcms | 2025-04-22 | N/A | 9.8 CRITICAL |
| RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. | |||||
| CVE-2025-27135 | 1 Infiniflow | 1 Ragflow | 2025-04-22 | N/A | 9.8 CRITICAL |
| RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available. | |||||
| CVE-2022-46117 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. | |||||
| CVE-2022-46072 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2025-04-22 | N/A | 9.8 CRITICAL |
| Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. | |||||
| CVE-2022-46071 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 9.8 CRITICAL |
| There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. | |||||
| CVE-2022-46126 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. | |||||
| CVE-2022-46125 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. | |||||
| CVE-2022-46124 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-46123 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. | |||||
| CVE-2024-57760 | 1 Jeewms | 1 Jeewms | 2025-04-21 | N/A | 6.5 MEDIUM |
| JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. | |||||
| CVE-2024-52724 | 1 Zzcms | 1 Zzcms | 2025-04-21 | N/A | 9.8 CRITICAL |
| ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. | |||||
| CVE-2024-50713 | 1 Smarts-srl | 1 Smart Agent | 2025-04-21 | N/A | 9.8 CRITICAL |
| SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php. | |||||
| CVE-2024-50716 | 1 Smarts-srl | 1 Smart Agent | 2025-04-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. | |||||
| CVE-2022-46127 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. | |||||
| CVE-2021-31650 | 1 Online Grading System Project | 1 Online Grading System | 2025-04-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. | |||||
| CVE-2025-2010 | 2025-04-21 | N/A | 7.5 HIGH | ||
| The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-39471 | 2025-04-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1. | |||||
| CVE-2025-22371 | 2025-04-21 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that. The issue was fixed by SicommNet around 11pm on 16 april 2025 (Eastern Time) | |||||
| CVE-2017-5598 | 1 Eclinicalworks | 1 Patient Portal | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. | |||||