Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35326 | 1 Inxedu | 1 Inxedu | 2025-04-04 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value. | |||||
| CVE-2024-4595 | 1 Sem-cms | 1 Semcms | 2025-04-04 | N/A | 6.5 MEDIUM |
| A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | |||||
| CVE-2024-13193 | 1 Sem-cms | 1 Semcms | 2025-04-04 | N/A | 4.9 MEDIUM |
| A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-32204 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2. | |||||
| CVE-2025-32124 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager allows Blind SQL Injection. This issue affects Behance Portfolio Manager: from n/a through 1.7.4. | |||||
| CVE-2025-32122 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.9. | |||||
| CVE-2025-32203 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in manu225 Falling things allows SQL Injection. This issue affects Falling things: from n/a through 1.08. | |||||
| CVE-2025-32126 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmsMinds Pay with Contact Form 7 allows SQL Injection. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | |||||
| CVE-2025-32148 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through 4.8.4. | |||||
| CVE-2025-32120 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erick Danzer Easy Query – WP Query Builder allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through 2.0.4. | |||||
| CVE-2025-32127 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites allows SQL Injection. This issue affects onOffice for WP-Websites: from n/a through 5.7. | |||||
| CVE-2025-32121 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows SQL Injection. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.3. | |||||
| CVE-2025-32125 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silvasoft Silvasoft boekhouden allows SQL Injection. This issue affects Silvasoft boekhouden: from n/a through 3.0.1. | |||||
| CVE-2021-43084 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter. | |||||
| CVE-2022-47740 | 1 Seltmann-webdesign | 1 Content Management System | 2025-04-04 | N/A | 9.8 CRITICAL |
| Seltmann GmbH Content Management System 6 is vulnerable to SQL Injection via /index.php. | |||||
| CVE-2025-31403 | 2025-04-04 | N/A | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. | |||||
| CVE-2022-47745 | 1 Easycorp | 1 Zentao | 2025-04-04 | N/A | 8.8 HIGH |
| ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice. | |||||
| CVE-2025-2317 | 2025-04-04 | N/A | 7.5 HIGH | ||
| The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2023-23489 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2025-04-03 | N/A | 9.8 CRITICAL |
| The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. | |||||
| CVE-2023-23492 | 1 Idehweb | 1 Login With Phone Number | 2025-04-03 | N/A | 8.8 HIGH |
| The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | |||||