Total
19518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64084 | 1 Magicbug | 1 Cloudlog | 2026-06-17 | N/A | 5.4 MEDIUM |
| An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL commands by injecting a malicious payload, which is then concatenated directly into a raw SQL query in the vucc_qso_details function. | |||||
| CVE-2025-64081 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter. | |||||
| CVE-2025-63948 | 1 Craigtaub | 1 Phpmsadmin | 2026-06-17 | N/A | 5.4 MEDIUM |
| A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation. | |||||
| CVE-2025-63939 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter. | |||||
| CVE-2025-63878 | 1 Hackerwhale | 1 Restaurant Website Restoran | 2026-06-17 | N/A | 6.5 MEDIUM |
| Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page. | |||||
| CVE-2025-63742 | 1 Rockoa | 1 Rockoa | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid parameters. | |||||
| CVE-2025-63740 | 1 Rockoa | 1 Rockoa | 2026-06-17 | N/A | 4.3 MEDIUM |
| SQL Injection vulnerability in function getselectdataAjax in file inputAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the actstr parameter. | |||||
| CVE-2025-63724 | 1 Radioinorr | 1 Svx Portal | 2026-06-17 | N/A | 6.0 MEDIUM |
| SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php. | |||||
| CVE-2025-63719 | 1 Campcodes | 1 Online Hospital Management System | 2026-06-17 | N/A | 7.3 HIGH |
| Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username. | |||||
| CVE-2025-63718 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | |||||
| CVE-2025-63694 | 1 Dzzoffice | 1 Dzzoffice | 2026-06-17 | N/A | 9.8 CRITICAL |
| DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage. | |||||
| CVE-2025-63689 | 1 Ycf1998 | 1 Money-pos | 2026-06-17 | N/A | 10.0 CRITICAL |
| Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter | |||||
| CVE-2025-63624 | 1 Sdkede | 2 Iot Smart Water Meter, Iot Smart Water Meter Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. | |||||
| CVE-2025-63622 | 1 Fabian | 1 Online Complaint Site | 2026-06-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection. | |||||
| CVE-2025-63608 | 1 Cszcms | 1 Csz Cms | 2026-06-17 | N/A | 5.4 MEDIUM |
| A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries. | |||||
| CVE-2025-63585 | 1 Opensource-socialnetwork | 1 Open Source Social Network | 2026-06-17 | N/A | 6.5 MEDIUM |
| OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter. | |||||
| CVE-2025-63535 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 9.6 CRITICAL |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system. | |||||
| CVE-2025-63532 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 9.6 CRITICAL |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system. | |||||
| CVE-2025-63531 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 10.0 CRITICAL |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system. | |||||
| CVE-2025-63512 | 1 Kishan0725 | 1 Hospital Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query. | |||||