Total
18673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40677 | 2026-04-15 | N/A | N/A | ||
| SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”. | |||||
| CVE-2024-44541 | 2026-04-15 | N/A | 9.8 CRITICAL | ||
| evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." | |||||
| CVE-2025-11452 | 2026-04-15 | N/A | 7.5 HIGH | ||
| The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-10121 | 2026-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2019-25299 | 2026-04-15 | N/A | 7.1 HIGH | ||
| RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database. | |||||
| CVE-2024-43969 | 2026-04-15 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12. | |||||
| CVE-2025-9150 | 2026-04-15 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-9149 | 2026-04-15 | N/A | 8.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection.This issue affects E-Commerce Website Template: before v1.5. | |||||
| CVE-2025-6753 | 2026-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in huija bicycleSharingServer 1.0 and classified as critical. This issue affects the function selectAdminByNameLike of the file AdminController.java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-54294 | 2026-04-15 | N/A | N/A | ||
| A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands. | |||||
| CVE-2025-10726 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Additionally, the result of this SQL injection is passed directly to PHP's unlink() function, allowing attackers to delete arbitrary files on the server by injecting file paths through the SQL query. | |||||
| CVE-2024-3370 | 2026-04-15 | N/A | 8.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024. | |||||
| CVE-2025-11204 | 2026-04-15 | N/A | 7.2 HIGH | ||
| The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. An unauthenticated attacker could utilize an injected Cross-Site Scripting via user-agent on form submission to leverage this to achieve Reflected Cross-Site Scripting. | |||||
| CVE-2026-0501 | 2026-04-15 | N/A | 9.9 CRITICAL | ||
| Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of the application. | |||||
| CVE-2024-43040 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. | |||||
| CVE-2025-8416 | 2026-04-15 | N/A | 7.5 HIGH | ||
| The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-9085 | 2026-04-15 | N/A | 4.9 MEDIUM | ||
| The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-13495 | 2026-04-15 | N/A | 4.9 MEDIUM | ||
| The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-11460 | 2026-04-15 | N/A | 7.5 HIGH | ||
| The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2026-2236 | 2026-04-15 | N/A | 7.5 HIGH | ||
| C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | |||||