Total
16754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47902 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-10-28 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5. | |||||
| CVE-2025-8709 | 2025-10-28 | N/A | 7.3 HIGH | ||
| A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters. | |||||
| CVE-2025-34304 | 2025-10-28 | N/A | N/A | ||
| IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issues an HTTP POST request to the Request-URI /cgi-bin/logs.cgi/ovpnclients.dat and inserts the value of the CONNECTION_NAME parameter directly into the WHERE clause without proper sanitization or parameterization. The unsanitized value can alter the executed query and be used to disclose sensitive information from the database. | |||||
| CVE-2025-12325 | 2025-10-28 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-12316 | 2025-10-28 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12208 | 1 Mayurik | 1 Best House Rental Management System | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-11735 | 2025-10-28 | N/A | 7.5 HIGH | ||
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-12215 | 1 Projectworlds | 1 Online Shopping System | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12226 | 1 Mayurik | 1 Best House Rental Management System | 2025-10-28 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-12242 | 1 Codeastro | 1 Gym Management System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-12243 | 1 Fabian | 1 Client Details System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12252 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12253 | 1 Amttgroup | 1 Hibos | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12254 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12255 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12256 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12257 | 1 Oretnom23 | 1 Online Student Result System | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /view_result.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-12261 | 1 Codeastro | 1 Gym Management System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12262 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-12263 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||