Total
19557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46248 | 2026-06-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows SQL Injection.This issue affects Frontend Dashboard: from n/a through <= 2.2.5. | |||||
| CVE-2025-46242 | 1 Kibokolabs | 1 Watu Quiz | 2026-06-17 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Watu Quiz watu allows SQL Injection.This issue affects Watu Quiz: from n/a through <= 3.4.3. | |||||
| CVE-2025-46192 | 1 Lerouxyxchire | 1 Client Database Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter. | |||||
| CVE-2025-46190 | 1 Lerouxyxchire | 1 Client Database Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. | |||||
| CVE-2025-46189 | 1 Lerouxyxchire | 1 Client Database Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter. | |||||
| CVE-2025-46188 | 1 Lerouxyxchire | 1 Client Database Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php. | |||||
| CVE-2025-46179 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries. | |||||
| CVE-2025-46154 | 1 Foxcms | 1 Foxcms | 2026-06-17 | N/A | 8.4 HIGH |
| Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php. | |||||
| CVE-2025-46109 | 1 Pbootcms | 1 Pbootcms | 2026-06-17 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request | |||||
| CVE-2025-46101 | 1 Beakon | 1 Learning Management System Sharable Content Object Reference Model | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file | |||||
| CVE-2025-46053 | 1 Weberp | 1 Weberp | 2026-06-17 | N/A | 5.1 MEDIUM |
| A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php | |||||
| CVE-2025-46052 | 1 Weberp | 1 Weberp | 2026-06-17 | N/A | 9.8 CRITICAL |
| An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php | |||||
| CVE-2025-46011 | 1 Nadh | 1 Listmonk | 2026-06-17 | N/A | 6.5 MEDIUM |
| Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges. | |||||
| CVE-2025-45956 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2026-06-17 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter | |||||
| CVE-2025-45885 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries. | |||||
| CVE-2025-45820 | 1 Slims | 1 Senayan Library Management System Bulian | 2026-06-17 | N/A | 6.5 MEDIUM |
| Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. | |||||
| CVE-2025-45819 | 1 Slims | 1 Senayan Library Management System Bulian | 2026-06-17 | N/A | 6.5 MEDIUM |
| Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. | |||||
| CVE-2025-45818 | 1 Slims | 1 Senayan Library Management System Bulian | 2026-06-17 | N/A | 6.5 MEDIUM |
| Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. | |||||
| CVE-2025-45809 | 1 Litellm | 1 Litellm | 2026-06-17 | N/A | 5.4 MEDIUM |
| SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints. | |||||
| CVE-2025-45542 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2026-06-17 | N/A | 7.3 HIGH |
| SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||||
