Total
18185 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39474 | 1 Thememove | 1 Amely | 2026-02-11 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4. | |||||
| CVE-2021-47918 | 1 Simplephpscripts | 1 Simple Cms Php | 2026-02-11 | N/A | 8.1 HIGH |
| Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application. | |||||
| CVE-2021-47915 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | N/A | 8.1 HIGH |
| PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. | |||||
| CVE-2025-63624 | 1 Sdkede | 2 Iot Smart Water Meter, Iot Smart Water Meter Firmware | 2026-02-11 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. | |||||
| CVE-2025-52025 | 1 Aptsys | 1 Gemscms Backend | 2026-02-11 | N/A | 9.4 CRITICAL |
| An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification. | |||||
| CVE-2026-2060 | 1 Fabian | 1 Simple Blood Donor Management System | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-69662 | 1 Geopandas | 1 Geopandas | 2026-02-11 | N/A | 8.6 HIGH |
| SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the `to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. | |||||
| CVE-2026-2134 | 1 Phpgurukul | 1 Hospital Management System | 2026-02-11 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2136 | 1 Projectworlds | 1 Online Food Ordering System | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2158 | 1 Carmelo | 1 Student Web Portal | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. | |||||
| CVE-2026-2172 | 1 Fabian | 1 Online Application System For Admission | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2173 | 1 Fabian | 1 Online Examination System | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2026-2176 | 1 Fabian | 1 Contact Management System | 2026-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely. | |||||
| CVE-2025-13431 | | | 2026-02-11 | N/A | 6.5 MEDIUM |
| The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-6830 | | | 2026-02-11 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affects Password Module: through 11022026. | |||||
| CVE-2025-57529 | 1 Youdatasum | 1 Cpas Audit Management System | 2026-02-10 | N/A | 9.8 CRITICAL |
| YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could lead to unauthorized data access | |||||
| CVE-2025-14598 | 1 Cloudilyaerp | 1 Bet E-portal | 2026-02-10 | N/A | 9.8 CRITICAL |
| BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database. | |||||
| CVE-2026-1478 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | N/A | 7.5 HIGH |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacion_hca_evalua.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | |||||
| CVE-2026-1483 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | N/A | 7.5 HIGH |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_ver_auto.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | |||||
| CVE-2026-1472 | 1 Quatuor | 1 Evaluacion De Desempeno | 2026-02-10 | N/A | 7.5 HIGH |
| An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacion_competencias_autoeval_list.aspx', could allow an attacker to extract sensitive information from the database through external channels, without the affected application returning the data directly, compromising the confidentiality of the stored information. | |||||
