Total
14486 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27135 | 1 Infiniflow | 1 Ragflow | 2025-04-22 | N/A | 9.8 CRITICAL |
| RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available. | |||||
| CVE-2022-46117 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. | |||||
| CVE-2022-46072 | 1 Helmet Store Showroom Project | 1 Helmet Store Showroom | 2025-04-22 | N/A | 9.8 CRITICAL |
| Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection. | |||||
| CVE-2022-46071 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-22 | N/A | 9.8 CRITICAL |
| There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. | |||||
| CVE-2022-46126 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. | |||||
| CVE-2022-46125 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. | |||||
| CVE-2022-46124 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-46123 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. | |||||
| CVE-2025-22928 | 2025-04-21 | N/A | 9.8 CRITICAL | ||
| OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php. | |||||
| CVE-2024-57760 | 1 Jeewms | 1 Jeewms | 2025-04-21 | N/A | 6.5 MEDIUM |
| JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. | |||||
| CVE-2024-52724 | 1 Zzcms | 1 Zzcms | 2025-04-21 | N/A | 9.8 CRITICAL |
| ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. | |||||
| CVE-2024-50713 | 1 Smarts-srl | 1 Smart Agent | 2025-04-21 | N/A | 9.8 CRITICAL |
| SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php. | |||||
| CVE-2024-50716 | 1 Smarts-srl | 1 Smart Agent | 2025-04-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. | |||||
| CVE-2022-46127 | 1 Helmet Store Showroom Site Project | 1 Helmet Store Showroom Site | 2025-04-21 | N/A | 7.2 HIGH |
| Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. | |||||
| CVE-2021-31650 | 1 Online Grading System Project | 1 Online Grading System | 2025-04-21 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter. | |||||
| CVE-2025-3800 | 2025-04-21 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-39471 | 2025-04-21 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey.This issue affects Modal Survey: from n/a through 2.0.2.0.1. | |||||
| CVE-2025-3818 | 2025-04-21 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3797 | 2025-04-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3799 | 2025-04-21 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||