Filtered by CWE-89
Total 18714 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8503 1 Vicidial 1 Vicidial 2026-04-15 9.8 Critical
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
CVE-2025-10184 2 Google, Oneplus 2 Android, Oxygenos 2026-04-15 N/A
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks. The root cause is a combination of missing permissions for write operations in several content providers (com.android.providers.telephony.PushMessageProvider, com.android.providers.telephony.PushShopProvider, com.android.providers.telephony.ServiceNumberProvider), and a blind SQL injection in the update method of those providers.
CVE-2020-37154 1 Tripath Project 1 Election 2026-04-15 7.1 High
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.
CVE-2024-45600 2026-04-15 7.7 High
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13.
CVE-2024-45622 1 Asis 1 Asis 2026-04-15 9.8 Critical
ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass.
CVE-2025-30876 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows SQL Injection. This issue affects Ads by WPQuads: from n/a through <= 2.0.87.1.
CVE-2025-43833 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links absolute-links allows Blind SQL Injection. This issue affects Absolute Links: from n/a through <= 1.1.1.
CVE-2025-67928 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection. This issue affects Automotive Listings: from n/a through <= 18.6.
CVE-2025-10095 1 Smseagle 1 Smseagle 2026-04-15 N/A
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its own dedicated database, separate from the main software's database. This isolation limits the scope of the vulnerability to the SMPP server's operations. The vulnerability arises from improper sanitization of user input in the SMPP server's scripts. This issue has been fixed in version 6.11.
CVE-2025-30765 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPPOOL FlexStock stock-sync-with-google-sheet-for-woocommerce allows Blind SQL Injection. This issue affects FlexStock: from n/a through <= 3.13.1.
CVE-2025-67950 2 Syed Balkhi, Wordpress 2 All In One Seo Pack, Wordpress 2026-04-15 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection. This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
CVE-2025-10142 2 Woocommerce, Wordpress 2 Woocommerce, Wordpress 2026-04-15 4.9 Medium
The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-10144 2 Quadlayers, Wordpress 2 Perfect Brands For Woocommerce, Wordpress 2026-04-15 6.5 Medium
The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the `brands` attribute of the `products` shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-30807 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martin Nguyen Next-Cart Store to WooCommerce Migration nextcart-woocommerce-migration allows SQL Injection. This issue affects Next-Cart Store to WooCommerce Migration: from n/a through <= 3.9.4.
CVE-2025-30810 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection. This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.0.1.
CVE-2024-8308 1 Siempelkamp 1 Umweltoffice 2026-04-15 6.5 Medium
A low-privileged remote attacker can perform SQL injection in the web application due to improper handling of HTTP request input data, which allows exfiltration of all data.
CVE-2024-23843 2026-04-15 2.2 Low
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0. This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS through 5.0.55 LTS (Revision 125558), from 5.0.0 LTS through 5.0.56 LTS (Revision 125560).
CVE-2024-4423 2026-04-15 7.2 High
The access control in CemiPark software does not properly validate user-entered data, which allows authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application. This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
CVE-2025-30590 1 Wordpress 1 Wordpress 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows flickr-set-slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through <= 0.9.
CVE-2025-10046 2 Woocommerce, Wordpress 2 Woocommerce, Wordpress 2026-04-15 4.9 Medium
The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.