Total
19555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40735 | 1 Siemens | 1 Sinec Nms | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | |||||
| CVE-2025-40731 | 1 Code-projects | 1 Daily Expense Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php. | |||||
| CVE-2025-40728 | 1 Oretnom23 | 1 Customer Support System | 2026-06-17 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint. | |||||
| CVE-2025-40717 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pagina.filter.categoria mensaje in /QuiterGatewayWeb/api/v1/sucesospagina. | |||||
| CVE-2025-40716 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the suceso.contenido mensaje in /QMSCliente/Sucesos.action. | |||||
| CVE-2025-40715 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo mensaje in /QISClient/api/v1/sucesospaginas. | |||||
| CVE-2025-40714 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo id_factura in /<Client>FacturaE/listado_facturas_ficha.jsp. | |||||
| CVE-2025-40713 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the campo parameter in/<Client>FacturaE/BusquedasFacturasSesion. | |||||
| CVE-2025-40712 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura. | |||||
| CVE-2025-40711 | 1 Quiter | 1 Quiter Gateway | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF. | |||||
| CVE-2025-40698 | 2026-06-17 | N/A | N/A | ||
| SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in “/servicios/autorizaciones.asmx/mfsRecuperarListado”. | |||||
| CVE-2025-40692 | 1 Phpgurukul | 1 Online Fire Reporting System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'. | |||||
| CVE-2025-40691 | 1 Phpgurukul | 1 Online Fire Reporting System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'. | |||||
| CVE-2025-40690 | 1 Phpgurukul | 1 Online Fire Reporting System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'. | |||||
| CVE-2025-40689 | 1 Phpgurukul | 1 Online Fire Reporting System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'. | |||||
| CVE-2025-40687 | 1 Phpgurukul | 1 Online Fire Reporting System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'. | |||||
| CVE-2025-40682 | 1 Oretnom23 | 1 Human Resource Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint. | |||||
| CVE-2025-40677 | 2026-06-17 | N/A | N/A | ||
| SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”. | |||||
| CVE-2025-40666 | 1 Tcman | 1 Gim | 2026-06-17 | N/A | 9.8 CRITICAL |
| Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx. | |||||
| CVE-2025-40665 | 1 Tcman | 1 Gim | 2026-06-17 | N/A | 9.8 CRITICAL |
| Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx. | |||||
