Total
19475 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25515 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 8.8 HIGH |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database. | |||||
| CVE-2025-25514 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 6.5 MEDIUM |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. | |||||
| CVE-2025-25513 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php. | |||||
| CVE-2025-25462 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 5.5 MEDIUM |
| A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | |||||
| CVE-2025-25426 | 1 Guchengwuyue | 1 Yshopmall | 2026-06-17 | N/A | 7.2 HIGH |
| yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. | |||||
| CVE-2025-25403 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. | |||||
| CVE-2025-25389 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. | |||||
| CVE-2025-25388 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter. | |||||
| CVE-2025-25387 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | |||||
| CVE-2025-25357 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | |||||
| CVE-2025-25356 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | |||||
| CVE-2025-25355 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | |||||
| CVE-2025-25354 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. | |||||
| CVE-2025-25352 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | |||||
| CVE-2025-25351 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2026-06-17 | N/A | 9.8 CRITICAL |
| PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | |||||
| CVE-2025-25349 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2026-06-17 | N/A | 9.8 CRITICAL |
| PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter. | |||||
| CVE-2025-25257 | 1 Fortinet | 1 Fortiweb | 2026-06-17 | N/A | 9.8 CRITICAL |
| An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | |||||
| CVE-2025-25228 | 1 Virtuemart | 1 Virtuemart | 2026-06-17 | N/A | 3.8 LOW |
| A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend. | |||||
| CVE-2025-25226 | 1 Joomla | 1 Joomla\! | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used. | |||||
| CVE-2025-25222 | 1 Luxsoft | 1 Luxcal Web Calendar | 2026-06-17 | N/A | 9.8 CRITICAL |
| The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. | |||||