Total
19516 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32834 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32833 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32832 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32831 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32830 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32829 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32828 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32827 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32826 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32825 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32824 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32823 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32822 | 1 Siemens | 1 Telecontrol Server Basic | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'DeleteProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. | |||||
| CVE-2025-32814 | 1 Infoblox | 1 Netmri | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. | |||||
| CVE-2025-32786 | 2026-06-17 | N/A | 7.5 HIGH | ||
| The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1. | |||||
| CVE-2025-32753 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. | |||||
| CVE-2025-32687 | 2026-06-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce review-stars-count-for-woocommerce allows SQL Injection.This issue affects Review Stars Count For WooCommerce: from n/a through <= 2.0. | |||||
| CVE-2025-32685 | 2026-06-17 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries wp-inquiries allows SQL Injection.This issue affects WP Inquiries: from n/a through <= 0.2.1. | |||||
| CVE-2025-32681 | 2026-06-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue affects Error Log Viewer: from n/a through <= 1.0.5. | |||||
| CVE-2025-32677 | 2026-06-17 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue affects WP Social Stream Designer: from n/a through <= 1.3. | |||||