Total: 19557 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52822 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap wp-roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through <= 2.1.3. | |||||
| CVE-2025-52821 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection. This issue affects Video List Manager: from n/a through <= 1.7. | |||||
| CVE-2025-52820 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4. | |||||
| CVE-2025-52819 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection. This issue affects Pakke Envíos: from n/a through <= 1.0.2. | |||||
| CVE-2025-52773 | | | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11. | |||||
| CVE-2025-52722 | | | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoinWebs Classiera classiera allows SQL Injection. This issue affects Classiera: from n/a through <= 4.0.34. | |||||
| CVE-2025-52720 | | | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection. This issue affects Super Store Finder: from n/a through <= 7.5. | |||||
| CVE-2025-52717 | 1 Lifterlms | 1 Lifterlms | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS lifterlms allows SQL Injection. This issue affects LifterLMS: from n/a through <= 8.0.6. | |||||
| CVE-2025-52714 | | | 2026-06-17 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows SQL Injection. This issue affects Traveler: from n/a through < 3.2.2. | |||||
| CVE-2025-52694 | 1 Advantech | 5 Iot Edge Linux Docker, Iot Edge Windows, Iotsuite Growth Linux Docker and 2 more | 2026-06-17 | N/A | 10.0 CRITICAL |
| Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately. | |||||
| CVE-2025-52664 | 1 Revive-adserver | 1 Revive Adserver | 2026-06-17 | N/A | 8.8 HIGH |
| SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged-in users. | |||||
| CVE-2025-52646 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 2.2 LOW |
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | |||||
| CVE-2025-52637 | 1 Hcl | 1 Aion | 2026-06-17 | N/A | 4.5 MEDIUM |
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | |||||
| CVE-2025-52618 | 1 Hcltech | 1 Bigfix Saas | 2026-06-17 | N/A | 4.3 MEDIUM |
| HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries. | |||||
| CVE-2025-52577 | 1 Advantech | 1 Iview | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |||||
| CVE-2025-52474 | 1 Wegia | 1 Wegia | 2026-06-17 | N/A | 9.8 CRITICAL |
| WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. This issue has been patched in version 3.4.2. | |||||
| CVE-2025-52472 | | | 2026-06-17 | N/A | N/A |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the `orderField` parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can be enclosed in single quotes to effectively remove them, but the query still needs to remain valid with the query two times in it. This has been patched in versions 17.5.0, 17.4.2, and 16.10.9. No known workarounds are available. | |||||
| CVE-2025-52425 | 1 Qnap | 1 Qumagie | 2026-06-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later. | |||||
| CVE-2025-52410 | 1 Vishalmathur | 1 Institute-of-current-students | 2026-06-17 | N/A | 9.8 CRITICAL |
| Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries. | |||||
| CVE-2025-52390 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges. | |||||
