Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-22290 | | | 2025-02-16 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11. | |||||
CVE-2025-26755 | | | 2025-02-16 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9. | |||||
CVE-2025-25355 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | |||||
CVE-2022-38923 | 1 Iss-oberlausitz | 1 Bluepage Cms | 2025-02-14 | N/A | 9.8 CRITICAL |
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. | |||||
CVE-2025-25352 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | |||||
CVE-2025-25354 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. | |||||
CVE-2025-25357 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | |||||
CVE-2025-25356 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | |||||
CVE-2021-39351 | 1 Wp Bannerize Project | 1 Wp Bannerize | 2025-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2. | |||||
CVE-2020-20915 | 1 Publiccms | 1 Publiccms | 2025-02-14 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the SysSiteAdminControl. | |||||
CVE-2020-20914 | 1 Publiccms | 1 Publiccms | 2025-02-14 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. | |||||
CVE-2020-20913 | 1 Mingsoft | 1 Mcms | 2025-02-14 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. | |||||
CVE-2022-31890 | 1 Enhancesoft | 1 Audit Log | 2025-02-13 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. | |||||
CVE-2025-24901 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 8.8 HIGH |
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-24902 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 8.8 HIGH |
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-24905 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 9.8 CRITICAL |
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-24957 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 9.8 CRITICAL |
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-24906 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 9.8 CRITICAL |
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2025-24958 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 8.8 HIGH |
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-32741 | 1 Itpathsolutions | 1 Contact Form To Any Api | 2025-02-13 | N/A | 7.2 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection. This issue affects Contact Form to Any API: from n/a through 1.1.2. |