Search Results (19720 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69307 2 Teconcetheme, Wordpress 2 Medinik Core, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through <= 1.3.6.
CVE-2025-69305 2 Teconcetheme, Wordpress 2 Crete Core, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from n/a through <= 1.4.3.
CVE-2024-45754 1 Centreon 1 Centreon 2026-04-15 7.2 High
An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2024-46532 1 Kancloud 1 Openhis 2026-04-15 9.8 Critical
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.
CVE-2025-22371 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands.This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that. The issue was fixed by SicommNet around 11pm on 16 april 2025 (Eastern Time)
CVE-2024-45875 2026-04-15 5.4 Medium
The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version1.35.291), in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection. The JSON object username allows the manipulation of SQL queries.
CVE-2024-45876 1 Balticit 1 Topwq 2026-04-15 6.5 Medium
The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries.
CVE-2025-48735 2026-04-15 4.3 Medium
A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database via crafted input in the request body.
CVE-2025-8536 1 Studio Fabryka 1 Dobrycms 2026-04-15 N/A
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software.
CVE-2025-43949 2026-04-15 9.8 Critical
MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.
CVE-2025-1537 2026-04-15 6.3 Medium
A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument codexame leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2928 1 Genetec 1 Security Center 2026-04-15 7.2 High
SQL Injection affecting the Archiver role.
CVE-2024-33787 2026-04-15 8.2 High
Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.
CVE-2024-4826 2026-04-15 9.8 Critical
SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. This vulnerability could allow an attacker to retrieve all the information stored in the database by sending a specially crafted SQL query, due to the lack of proper sanitisation of the category_id parameter in the category.php file.
CVE-2024-34988 2026-04-15 9.8 Critical
SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().`
CVE-2024-4903 2026-04-15 6.3 Medium
A vulnerability was found in Tongda OA 2017. It has been declared as critical. This vulnerability affects unknown code of the file /general/meeting/manage/delete.php. The manipulation of the argument M_ID_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264436. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-28076 1 Easyvirt 2 Co2scope, Dcscope 2026-04-15 6.5 Medium
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates.
CVE-2025-2117 2026-04-15 6.3 Medium
A vulnerability was found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as critical. Affected by this issue is the function electricDocList of the file /newsedit/report/reportCenter.do. The manipulation of the argument fvID/catID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-55212 2026-04-15 6.5 Medium
DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx.
CVE-2024-34993 2026-04-15 6.3 Medium
In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via`GenerateCategories::renderCategories().