Total: 17372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11111 | 1 Campcodes | 1 Advanced Online Voting System | 2025-10-02 | 7.3 High |
| A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11114 | 1 Codeastro | 1 Online Leave Application | 2025-10-02 | 6.3 Medium |
| A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2024-57098 | 1 Deep-project | 1 Moss | 2025-10-02 | 9.8 Critical |
| Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. | ||||
| CVE-2025-27261 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | 9.8 Critical |
| Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data. | ||||
| CVE-2025-43022 | 1 Hp | 1 Poly Clariti Manager | 2025-10-02 | 7.2 High |
| A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow a privileged user to execute SQL commands. HP has addressed the issue in the latest software update. | ||||
| CVE-2024-52057 | 1 Rti | 1 Connext Professional | 2025-10-02 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*. | ||||
| CVE-2023-6648 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-10-02 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9669 | 1 Jinher | 1 Jinher Oa | 2025-10-01 | 7.3 High |
| A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50928 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-10-01 | 4.8 Medium |
| Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. | ||||
| CVE-2025-7200 | 1 Krishna9772 | 1 Pharmacy Management System | 2025-10-01 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-51825 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-10-01 | 6.5 Medium |
| JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. | ||||
| CVE-2025-50383 | 2 Alextselegidis, Easyappointments | 2 Easyappointments, Easy!appointments | 2025-10-01 | 8.1 High |
| alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. | ||||
| CVE-2024-11837 | 1 Plextrac | 1 Plextrac | 2025-10-01 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
| CVE-2024-53900 | 2 Automattic, Mongoosejs | 2 Mongoose, Mongoose | 2025-10-01 | 9.1 Critical |
| Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. | ||||
| CVE-2025-24490 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-01 | 9.6 Critical |
| Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering which allows an attacker to retrieve data from the database, via a SQL injection when reordering specially crafted boards categories. | ||||
| CVE-2024-44756 | 2 Erp, Nuserp | 2 Management Software, Nus-m9 Erp | 2025-10-01 | 9.8 Critical |
| NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin. | ||||
| CVE-2025-6276 | 1 Brilliance | 1 Golden Link Secondary System | 2025-09-30 | 6.3 Medium |
| A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6277 | 1 Brilliance | 1 Golden Link Secondary System | 2025-09-30 | 6.3 Medium |
| A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-29169 | 1 Dell | 3 Secure Connect Gateway, Secure Connect Gateway Appliance, Secure Connect Gateway Application | 2025-09-30 | 5.4 Medium |
| Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | ||||
| CVE-2024-1833 | 2 Sourcecodester, Walterjnr1 | 2 Employee Management System, Employee Management System | 2025-09-30 | 7.3 High |
| A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername/txtphone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||