Total
19556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57529 | 1 Youdatasum | 1 Cpas Audit Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access | |||||
| CVE-2025-57515 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses. | |||||
| CVE-2025-57423 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database. | |||||
| CVE-2025-57263 | 1 Phpversion | 1 Vx Guestbook | 2026-06-17 | N/A | 7.2 HIGH |
| An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. | |||||
| CVE-2025-57254 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL queries, leading to unauthorized access or potential data breaches. This can result in privilege escalation, account takeover, or exposure of sensitive medical data. | |||||
| CVE-2025-57149 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter. | |||||
| CVE-2025-57147 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 7.5 HIGH |
| A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php. | |||||
| CVE-2025-57146 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 8.1 HIGH |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. | |||||
| CVE-2025-57140 | 1 Ruisitech | 1 Ruisibi | 2026-06-17 | N/A | 9.8 CRITICAL |
| rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path. | |||||
| CVE-2025-57104 | 1 Zeon | 1 Teampel | 2026-06-17 | N/A | 5.4 MEDIUM |
| Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx. | |||||
| CVE-2025-56700 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low-level privileged user who has access to the platform to execute arbitrary SQL commands via the datafine parameter. | |||||
| CVE-2025-56699 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter. | |||||
| CVE-2025-56630 | 1 Foxcms | 1 Foxcms | 2026-06-17 | N/A | 7.3 HIGH |
| FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file. | |||||
| CVE-2025-56450 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. The backend fails to sanitize the user input, allowing enumeration of database schemas, table names, and potentially leading to full database compromise. | |||||
| CVE-2025-56435 | 1 Foxcms | 1 Foxcms | 2026-06-17 | N/A | 5.3 MEDIUM |
| SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the file /DataBackup.php and the operation on the parameter id. | |||||
| CVE-2025-56421 | 1 Limesurvey | 1 Limesurvey | 2026-06-17 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. | |||||
| CVE-2025-56407 | 1 Utcms Project | 1 Utcms | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/mysql.php. The manipulation of the argument sql leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-56401 | 1 Ziragroup | 1 Wbrm | 2026-06-17 | N/A | 7.6 HIGH |
| ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName. | |||||
| CVE-2025-56385 | 1 Wellsky | 1 Harmony | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents. | |||||
| CVE-2025-56381 | 1 Frappe | 2 Erpnext, Frappe | 2026-06-17 | N/A | 6.5 MEDIUM |
| ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters. | |||||
