Total
17702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0585 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | N/A | 9.8 CRITICAL |
| The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2025-10087 | 1 Mayurik | 1 Pet Grooming Management Software | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-63718 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-11-17 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | |||||
| CVE-2024-44636 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. | |||||
| CVE-2024-44639 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. | |||||
| CVE-2024-44640 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. | |||||
| CVE-2024-55016 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. | |||||
| CVE-2025-59499 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-11-17 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2024-44630 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender. | |||||
| CVE-2024-44632 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. | |||||
| CVE-2024-44633 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. | |||||
| CVE-2024-13973 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 6.8 MEDIUM |
| A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | |||||
| CVE-2025-7624 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | |||||
| CVE-2025-1389 | 1 Learningdigital | 1 Orca Hcm | 2025-11-17 | N/A | 8.8 HIGH |
| Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2025-12855 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12856 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12857 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-12913 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12932 | 1 Janobe | 1 Baby Care System | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-12933 | 1 Janobe | 1 Baby Care System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||