Vulnerabilities (CVE)

Filtered by CWE-89
Total 19557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-47567 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background: from n/a through <= 2.4.1.
CVE-2025-47544 1 Acowebs 1 Dynamic Pricing With Discount Rules For Woocommerce 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind SQL Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through <= 4.5.8.
CVE-2025-47538 1 Wpdever 1 Cart Tracking For Woocommerce 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce cart-tracking-for-woocommerce allows SQL Injection.This issue affects Cart tracking for WooCommerce: from n/a through <= 1.0.17.
CVE-2025-47537 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows SQL Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 5.3.8.
CVE-2025-47490 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows SQL Injection.This issue affects Ultimate WP Mail: from n/a through <= 1.3.4.
CVE-2025-47478 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.0.
CVE-2025-47460 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce trackship-for-woocommerce allows SQL Injection.This issue affects TrackShip for WooCommerce: from n/a through <= 1.9.1.
CVE-2025-47178 1 Microsoft 1 Configuration Manager 2503 2026-06-17 N/A 8.0 HIGH
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network.
CVE-2025-47172 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2026-06-17 N/A 8.8 HIGH
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-46828 1 Wegia 1 Wegia 2026-06-17 N/A 9.8 CRITICAL
WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue allows attackers to inject and execute arbitrary SQL statements against the application's underlying database. As a result, it may lead to data exfiltration, authentication bypass, or complete database compromise. Version 3.3.1 fixes the issue.
CVE-2025-46578 1 Zte 1 Zxcloud Goldendb 2026-06-17 N/A 6.5 MEDIUM
There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information.
CVE-2025-46577 1 Zte 1 Zxcloud Goldendb 2026-06-17 N/A 6.5 MEDIUM
There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information.
CVE-2025-46546 1 Sherparpa 1 Sherpa Orchestrator 2026-06-17 N/A 3.5 LOW
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
CVE-2025-46539 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra fable-extra allows Blind SQL Injection.This issue affects Fable Extra: from n/a through <= 1.0.6.
CVE-2025-46463 2026-06-17 N/A 8.5 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through <= 3.0.4.
CVE-2025-46460 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide wp-easy-guide allows SQL Injection.This issue affects Easy Guide: from n/a through <= 1.0.0.
CVE-2025-46455 2026-06-17 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE wp-hrm-lite-human-resource-management-system allows SQL Injection.This issue affects WP HRM LITE: from n/a through <= 1.1.
CVE-2025-46337 2026-06-17 N/A 10.0 CRITICAL
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.
CVE-2025-46268 1 Advantech 1 Webaccess\/scada 2026-06-17 N/A 6.3 MEDIUM
Advantech WebAccess/SCADA  is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
CVE-2025-46252 1 Kofimokome 1 Message Filter For Contact Form 7 2026-06-17 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter allows SQL Injection.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.3.2.