Vulnerabilities (CVE)

Filtered by CWE-89
Total 19555 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-40735 1 Siemens 1 Sinec Nms 2026-06-17 N/A 8.8 HIGH
A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.
CVE-2025-40731 1 Code-projects 1 Daily Expense Manager 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php.
CVE-2025-40728 1 Oretnom23 1 Customer Support System 2026-06-17 N/A 8.8 HIGH
SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.
CVE-2025-40717 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina.
CVE-2025-40716 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action.
CVE-2025-40715 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas.
CVE-2025-40714 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp.
CVE-2025-40713 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/<Client>FacturaE/BusquedasFacturasSesion.
CVE-2025-40712 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura.
CVE-2025-40711 1 Quiter 1 Quiter Gateway 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF.
CVE-2025-40698 2026-06-17 N/A N/A
SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in “/servicios/autorizaciones.asmx/mfsRecuperarListado”.
CVE-2025-40692 1 Phpgurukul 1 Online Fire Reporting System 2026-06-17 N/A 9.8 CRITICAL
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'requestid' parameter in the endpoint '/ofrs/details.php'.
CVE-2025-40691 1 Phpgurukul 1 Online Fire Reporting System 2026-06-17 N/A 9.8 CRITICAL
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.
CVE-2025-40690 1 Phpgurukul 1 Online Fire Reporting System 2026-06-17 N/A 9.8 CRITICAL
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.
CVE-2025-40689 1 Phpgurukul 1 Online Fire Reporting System 2026-06-17 N/A 9.8 CRITICAL
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'.
CVE-2025-40687 1 Phpgurukul 1 Online Fire Reporting System 2026-06-17 N/A 9.8 CRITICAL
SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via  'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'.
CVE-2025-40682 1 Oretnom23 1 Human Resource Management System 2026-06-17 N/A 9.8 CRITICAL
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.
CVE-2025-40677 2026-06-17 N/A N/A
SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.
CVE-2025-40666 1 Tcman 1 Gim 2026-06-17 N/A 9.8 CRITICAL
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx.
CVE-2025-40665 1 Tcman 1 Gim 2026-06-17 N/A 9.8 CRITICAL
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx.