Total: 18151 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-70397 | 1 Jizhicms | 1 Jizhicms | 2026-02-19 | N/A | 7.2 HIGH |
| jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter. | |||||
| CVE-2025-12812 | | | 2026-02-19 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1 | |||||
| CVE-2026-2663 | | | 2026-02-19 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15585 | | | 2026-02-19 | N/A | N/A |
| Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration. | |||||
| CVE-2026-0722 | | | 2026-02-19 | N/A | 6.5 MEDIUM |
| The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed via user-supplied parameter in the 'isNonceVerifyRequired' function. This makes it possible for unauthenticated attackers to execute SQL injection attacks, extracting sensitive information from the database, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-12707 | | | 2026-02-19 | N/A | 7.5 HIGH |
| The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-70981 | 1 Fit2cloud | 1 Cordys Crm | 2026-02-18 | N/A | 9.8 CRITICAL |
| CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. | |||||
| CVE-2020-37110 | 1 Opensourcecms | 1 60cyclecms | 2026-02-18 | N/A | 8.2 HIGH |
| 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting. | |||||
| CVE-2022-31345 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-31343 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | |||||
| CVE-2022-31350 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | |||||
| CVE-2022-31354 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | |||||
| CVE-2022-31347 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | |||||
| CVE-2022-31352 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | |||||
| CVE-2022-31346 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | |||||
| CVE-2022-31353 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | |||||
| CVE-2022-31344 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-31351 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | |||||
| CVE-2022-31348 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | |||||
| CVE-2023-39675 | 1 Myprestamodules | 1 Product Catalog (csv, Excel) Import | 2026-02-18 | N/A | 9.8 CRITICAL |
| SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. | |||||
