Total
15088 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9879 | 1 Melapress | 1 Melapress File Monitor | 2025-06-12 | N/A | 5.4 MEDIUM |
| The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||
| CVE-2024-9838 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-06-12 | N/A | 5.4 MEDIUM |
| The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||
| CVE-2024-9831 | 1 Taskbuilder | 1 Taskbuilder | 2025-06-12 | N/A | 7.2 HIGH |
| The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||
| CVE-2025-4863 | 1 Advayasoftech | 1 Gems Erp Portal | 2025-06-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4940 | 1 1000projects | 1 Daily College Class Work Report Book | 2025-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26086 | 1 Rsiqueue | 1 Management System | 2025-06-12 | N/A | 7.5 HIGH |
| An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication. | |||||
| CVE-2025-5857 | 1 Fabianros | 1 Patient Record Management System | 2025-06-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49467 | 2025-06-12 | N/A | N/A | ||
| A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges. | |||||
| CVE-2024-32888 | 2025-06-12 | N/A | 10.0 CRITICAL | ||
| The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform, Enterprise Editions. Prior to version 2.1.0.28, SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. This issue is patched in driver version 2.1.0.28. As a workaround, do not use the connection property `preferQueryMode=simple`. (NOTE: Those who do not explicitly specify a query mode use the default of extended query mode and are not affected by this issue.) | |||||
| CVE-2024-1597 | 2 Fedoraproject, Postgresql | 2 Fedora, Postgresql Jdbc Driver | 2025-06-12 | N/A | 10.0 CRITICAL |
| pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. | |||||
| CVE-2025-5881 | 2025-06-12 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirm_password.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-31059 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 2.1.3. | |||||
| CVE-2025-47651 | 2025-06-12 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4. | |||||
| CVE-2025-48122 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | |||||
| CVE-2025-47608 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5. | |||||
| CVE-2025-48281 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1. | |||||
| CVE-2025-31424 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3. | |||||
| CVE-2025-24767 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19. | |||||
| CVE-2025-48141 | 2025-06-12 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3. | |||||
| CVE-2025-31920 | 2025-06-12 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy allows SQL Injection. This issue affects WP Guppy: from n/a through 4.3.3. | |||||