Total: 19555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41033 | 1 Apprain | 1 Apprain | 2026-06-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create. | |||||
| CVE-2025-41032 | 1 Apprain | 1 Apprain | 2026-06-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/. | |||||
| CVE-2025-41029 | | | 2026-06-17 | N/A | N/A |
| SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'. | |||||
| CVE-2025-41028 | | | 2026-06-17 | N/A | N/A |
| A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’. | |||||
| CVE-2025-41019 | | | 2026-06-17 | N/A | N/A |
| SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'. | |||||
| CVE-2025-41018 | 1 Sergestec | 1 Exito | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'. | |||||
| CVE-2025-41013 | 1 Tcman | 1 Gim | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'. | |||||
| CVE-2025-41009 | | | 2026-06-17 | N/A | N/A |
| SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’. | |||||
| CVE-2025-41008 | | | 2026-06-17 | N/A | N/A |
| SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint. | |||||
| CVE-2025-41007 | | | 2026-06-17 | N/A | N/A |
| SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint. | |||||
| CVE-2025-41006 | | | 2026-06-17 | N/A | N/A |
| Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’. | |||||
| CVE-2025-41005 | | | 2026-06-17 | N/A | N/A |
| Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’. | |||||
| CVE-2025-41004 | | | 2026-06-17 | N/A | N/A |
| Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter. | |||||
| CVE-2025-41002 | | | 2026-06-17 | N/A | N/A |
| SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' parameter in '/components/cart/cartApplyDiscount.php'. | |||||
| CVE-2025-40985 | | | 2026-06-17 | N/A | N/A |
| SQL injection vulnerability in SCATI Vision Web of SCATI Labs from version 4.8 to 7.2. This vulnerability allows an attacker to exfiltrate some data from the database via the ‘login’ parameter in the endpoint ‘/scatevision_web/index.php/loginForm’. | |||||
| CVE-2025-40888 | 1 Nozominetworks | 2 Cmc, Guardian | 2026-06-17 | N/A | 5.3 MEDIUM |
| A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data. | |||||
| CVE-2025-40887 | 1 Nozominetworks | 2 Cmc, Guardian | 2026-06-17 | N/A | 5.3 MEDIUM |
| A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data. | |||||
| CVE-2025-40886 | 1 Nozominetworks | 2 Cmc, Guardian | 2026-06-17 | N/A | 7.5 HIGH |
| A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering their structure and content, and/or affecting their availability. | |||||
| CVE-2025-40885 | 1 Nozominetworks | 2 Cmc, Guardian | 2026-06-17 | N/A | 5.3 MEDIUM |
| A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data. | |||||
| CVE-2025-40755 | 1 Siemens | 1 Sinec Nms | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570) | |||||
