Total
17351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34472 | 2 Hsc, Hsclabs | 2 Mailinspector, Mailinspector | 2025-11-25 | 5.5 Medium |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | ||||
| CVE-2024-8395 | 1 Flycass | 1 Flycass | 2025-11-25 | 9.8 Critical |
| FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | ||||
| CVE-2025-9085 | 2025-11-25 | 4.9 Medium | ||
| The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-7826 | 1 Wordpress | 1 Wordpress | 2025-11-25 | 6.5 Medium |
| The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-62391 | 1 Ivanti | 1 Endpoint Manager | 2025-11-25 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2025-11-25 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-40755 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-11-25 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570) | ||||
| CVE-2025-10660 | 1 Wordpress | 1 Wordpress | 2025-11-25 | 6.5 Medium |
| The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-10045 | 1 Wordpress | 1 Wordpress | 2025-11-25 | 4.9 Medium |
| The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2022-2679 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 6.3 Medium |
| A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | ||||
| CVE-2022-38260 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 7.2 High |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. | ||||
| CVE-2022-38255 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 7.2 High |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. | ||||
| CVE-2022-38576 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 7.2 High |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. | ||||
| CVE-2025-10037 | 2 Fifu, Wordpress | 2 Featured Image From Url, Wordpress | 2025-11-24 | 4.9 Medium |
| The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_posts_with_internal_featured_image() function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-10036 | 2 Fifu, Wordpress | 2 Featured Image From Url, Wordpress | 2025-11-24 | 4.9 Medium |
| The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_all_urls() function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-9198 | 1 Wordpress | 1 Wordpress | 2025-11-24 | 6.5 Medium |
| The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-9199 | 2 Gopiplus, Wordpress | 2 Woo Superb Slideshow Transition Gallery, Wordpress | 2025-11-24 | 6.5 Medium |
| The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-62388 | 1 Ivanti | 1 Endpoint Manager | 2025-11-24 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62387 | 1 Ivanti | 1 Endpoint Manager | 2025-11-24 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2025-11-24 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||