Total
15964 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7508 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Modern Bag 1.0. Affected by this issue is some unknown functionality of the file /admin/product-update.php. The manipulation of the argument idProduct leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7509 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /admin/slide.php. The manipulation of the argument idSlide leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7510 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/productadd_back.php. The manipulation of the argument namepro leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7511 | 1 Fabian | 1 Chat System | 2025-07-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/update_account.php. The manipulation of the argument musername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7512 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipulation of the argument contact-name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7513 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/slideupdate.php. The manipulation of the argument idSlide leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7514 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-list.php. The manipulation of the argument idStatus leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7515 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. This affects an unknown part of the file /ulocateus.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7612 | 1 Anisha | 1 Mobile Shop | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-51652 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. | |||||
| CVE-2025-51653 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. | |||||
| CVE-2025-51654 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. | |||||
| CVE-2025-51655 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. | |||||
| CVE-2025-51656 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. | |||||
| CVE-2025-51657 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. | |||||
| CVE-2025-51658 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. | |||||
| CVE-2025-51659 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. | |||||
| CVE-2024-36263 | 1 Apache | 1 Submarine | 2025-07-15 | N/A | 8.1 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-51660 | 1 Sem-cms | 1 Semcms | 2025-07-15 | N/A | 5.4 MEDIUM |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. | |||||
| CVE-2024-53947 | 1 Apache | 1 Superset | 2025-07-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS. | |||||