Total
17698 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14285 | 1 Code-projects | 1 Employee Profile Management System | 2025-12-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument per_id results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-9399 | 1 Wanglongcn | 1 Yifang | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12746 | 1 Amazon | 1 Redshift Odbc Driver | 2025-12-11 | N/A | 8.0 HIGH |
| A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0. | |||||
| CVE-2024-12745 | 1 Amazon | 1 Redshift Connector | 2025-12-11 | N/A | 8.0 HIGH |
| A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. | |||||
| CVE-2025-13248 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-12-11 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2024-27289 | 1 Pgx Project | 1 Pgx | 2025-12-11 | N/A | 8.1 HIGH |
| pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder. | |||||
| CVE-2025-10351 | 2025-12-11 | N/A | N/A | ||
| SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint. | |||||
| CVE-2023-7096 | 1 Carmelogarcia | 1 Faculty Management System | 2025-12-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14245 | 1 Ideacms | 1 Ideacms | 2025-12-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14090 | 1 Amttgroup | 1 Hibos | 2025-12-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14011 | 1 Jizhicms | 1 Jizhicms | 2025-12-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14012 | 1 Jizhicms | 1 Jizhicms | 2025-12-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14193 | 1 Carmelogarcia | 1 Employee Profile Management System | 2025-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing manipulation of the argument per_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-14203 | 1 Carmelo | 1 Question Paper Generator | 2025-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2025-14209 | 1 Campcodes | 1 School File Management System | 2025-12-10 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-14210 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-10 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-14211 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing manipulation of the argument book_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14212 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-10 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing manipulation of the argument roll_number can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14222 | 1 Carmelogarcia | 1 Employee Profile Management System | 2025-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14223 | 1 Carmelo | 1 Simple Leave Manager | 2025-12-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||