Total
15088 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5487 | 2025-06-14 | N/A | 7.2 HIGH | ||
| The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher. | |||||
| CVE-2023-46806 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A | 6.7 MEDIUM |
| An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||||
| CVE-2023-46807 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-06-13 | N/A | 6.7 MEDIUM |
| An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | |||||
| CVE-2025-26241 | 1 Osticket | 1 Osticket | 2025-06-13 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. | |||||
| CVE-2025-45542 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||||
| CVE-2024-57459 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | |||||
| CVE-2023-0224 | 1 Givewp | 1 Givewp | 2025-06-13 | N/A | 9.8 CRITICAL |
| The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks | |||||
| CVE-2025-44830 | 1 Engineercms Project | 1 Engineercms | 2025-06-13 | N/A | 9.8 CRITICAL |
| EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. | |||||
| CVE-2023-29881 | 1 Phpok | 1 Phpok | 2025-06-13 | N/A | 6.5 MEDIUM |
| phpok 6.4.003 is vulnerable to SQL injection in the function index_f() in phpok64/framework/api/call_control.php. | |||||
| CVE-2025-49468 | 2025-06-13 | N/A | N/A | ||
| A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter. | |||||
| CVE-2024-40560 | 1 Project Team | 1 Tmall Demo | 2025-06-13 | N/A | 7.3 HIGH |
| Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2025-41233 | 2025-06-12 | N/A | 6.8 MEDIUM | ||
| Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N . Known Attack Vectors: An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access. Resolution: To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below. Workarounds: None. Additional Documentation: None. Acknowledgements: VMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ for reporting this issue to us. Notes: None. Response Matrix: ProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access. | |||||
| CVE-2025-25426 | 1 Guchengwuyue | 1 Yshopmall | 2025-06-12 | N/A | 7.2 HIGH |
| yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. | |||||
| CVE-2025-26047 | 1 Olajowon | 1 Loggrove | 2025-06-12 | N/A | 5.1 MEDIUM |
| Loggrove v1.0 is vulnerable to SQL Injection in the read.py file. | |||||
| CVE-2025-45240 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 6.5 MEDIUM |
| foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. | |||||
| CVE-2025-44073 | 1 Seacms | 1 Seacms | 2025-06-12 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. | |||||
| CVE-2024-11269 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | N/A | 7.2 HIGH |
| The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks. | |||||
| CVE-2024-11267 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-12 | N/A | 8.8 HIGH |
| The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with Contributor to perform SQL injection attacks. | |||||
| CVE-2025-47785 | 1 Emlog | 1 Emlog | 2025-06-12 | N/A | 8.3 HIGH |
| Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | |||||
| CVE-2025-2203 | 1 Funnelkit | 1 Funnel Builder | 2025-06-12 | N/A | 6.1 MEDIUM |
| The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||