Total
19261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7714 | 1 Globalmedya | 1 Content Management System | 2026-06-05 | N/A | 7.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection. This issue affects Content Management System (CMS): through 21072025. | |||||
| CVE-2026-10877 | 2026-06-05 | 7.5 HIGH | 7.3 HIGH | ||
| A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-10874 | 2026-06-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument social_insta leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-10875 | 2026-06-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument social_twitter results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-7744 | 1 Dolusoft | 1 Omaspot | 2026-06-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025. | |||||
| CVE-2024-6699 | 1 Mikafon | 2 Ma7, Ma7 Firmware | 2026-06-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1. | |||||
| CVE-2025-8587 | 1 Akceyazilim | 1 Skspro | 2026-06-05 | N/A | 8.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: through 07012026. | |||||
| CVE-2025-10437 | 2026-06-05 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection. This issue affects Webpack Management System: through 20251119. | |||||
| CVE-2025-10610 | 2026-06-05 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025. | |||||
| CVE-2025-10439 | 2026-06-05 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection. This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7. | |||||
| CVE-2025-10969 | 1 Farktor | 1 E-commerce Package | 2026-06-05 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025. | |||||
| CVE-2025-10968 | 2026-06-05 | N/A | 8.8 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398. | |||||
| CVE-2025-10970 | 2026-06-05 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11253 | 2026-06-04 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection. This issue affects Netty ERP: before V.1.1000. | |||||
| CVE-2025-11252 | 1 Signumtte | 1 Windesk.fm | 2026-06-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: before v2.3.4. NOTE: The vendor patched the vulnerability after the CVE was published. | |||||
| CVE-2025-11251 | 1 Daynex | 1 Woyio | 2026-06-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-10880 | 2026-06-04 | N/A | 9.8 CRITICAL | ||
| OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticated remote attacker to bypass authentication and log in as an administrator without supplying a valid password. | |||||
| CVE-2026-45722 | 1 Nextcloud | 1 Tables | 2026-06-04 | N/A | 7.1 HIGH |
| Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to normal SQL injections, the ORDER BY is limited to extracting a single bit of information per request or to make the database wait for a given time. This issue has been patched in versions 0.9.7 and 1.0.2. | |||||
| CVE-2026-45545 | 1 Nextcloud | 1 Tables | 2026-06-04 | N/A | 8.2 HIGH |
| Nextcloud is an open source content collaboration platform. From versions 0.7.0 to before 0.7.7, 0.8.0 to before 0.8.10, 0.9.0 to before 0.9.8, and 1.0.0 to before 1.0.4, an authenticated attacker with access to the Tables app may be able to execute arbitrary up to 20 bytes long SQL queries, through a stored injection. With carefully crafted input it is possible to break out of the length limitation. The attacker could use this to extract information from the database, or modify data. This issue has been patched in versions 0.7.7, 0.8.10, 0.9.8, 1.0.4, and 2.0.0. | |||||
| CVE-2026-10811 | 2026-06-04 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the argument ef_id leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||