Total: 18106 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25489 | 1 Doditsolutions | 1 Airbnb Clone Script | 2026-03-06 | N/A | 8.2 HIGH |
| Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET requests to the rooms/ajax_refresh_subtotal endpoint with malicious hosting_id values to extract sensitive database information or cause denial of service. | |||||
| CVE-2019-25498 | 1 Simplejobscript | 1 Simplejobscript | 2026-03-06 | N/A | 8.2 HIGH |
| Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authentication and extract sensitive database information. | |||||
| CVE-2019-25499 | 1 Simplejobscript | 1 Simplejobscript | 2026-03-06 | N/A | 8.2 HIGH |
| Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents. | |||||
| CVE-2019-25500 | 1 Simplejobscript | 1 Simplejobscript | 2026-03-06 | N/A | 8.2 HIGH |
| Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents. | |||||
| CVE-2021-31869 | 1 Pimcore | 1 Pimcore | 2026-03-06 | 5.0 MEDIUM | 6.5 MEDIUM |
| Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. | |||||
| CVE-2020-24932 | 1 Razormist | 1 Complaint Management System | 2026-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. | |||||
| CVE-2023-0600 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | N/A | 9.8 CRITICAL |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. | |||||
| CVE-2022-33965 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | N/A | 9.3 CRITICAL |
| Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | |||||
| CVE-2026-26709 | 1 Carmelo | 1 Simple Gym Management System | 2026-03-06 | N/A | 9.8 CRITICAL |
| code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php. | |||||
| CVE-2021-24750 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. | |||||
| CVE-2022-0410 | 1 Codepress | 1 Visitor Statistics | 2026-03-06 | 6.5 MEDIUM | 8.8 HIGH |
| The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection. | |||||
| CVE-2026-28210 | 1 Sangoma | 1 Freepbx | 2026-03-06 | N/A | 8.8 HIGH |
| FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7. | |||||
| CVE-2026-28284 | 1 Sangoma | 1 Freepbx | 2026-03-06 | N/A | 8.8 HIGH |
| FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5. | |||||
| CVE-2026-22687 | 1 Tencent | 1 Weknora | 2026-03-06 | N/A | 5.6 MEDIUM |
| WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5. | |||||
| CVE-2025-48650 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
| In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48544 | 1 Google | 1 Android | 2026-03-06 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-25501 | 1 Simplejobscript | 1 Simplejobscript | 2026-03-05 | N/A | 8.2 HIGH |
| Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents. | |||||
| CVE-2021-35484 | 1 Nokia | 1 Impact | 2026-03-05 | N/A | 8.2 HIGH |
| Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information. | |||||
| CVE-2025-70821 | 1 Renren | 1 Renren-security | 2026-03-05 | N/A | 9.8 CRITICAL |
| renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component. | |||||
| CVE-2026-2122 | 1 Xiaopi | 1 Panel | 2026-03-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
