Total
15992 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1597 | 2 Fedoraproject, Postgresql | 2 Fedora, Postgresql Jdbc Driver | 2025-06-12 | N/A | 10.0 CRITICAL |
pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. | |||||
CVE-2025-31059 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through 2.1.3. | |||||
CVE-2025-47651 | | | 2025-06-12 | N/A | 8.5 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.12.4. | |||||
CVE-2025-48122 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows SQL Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | |||||
CVE-2025-47608 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL Injection. This issue affects Recover abandoned cart for WooCommerce: from n/a through 2.5. | |||||
CVE-2025-48281 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1. | |||||
CVE-2025-31424 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through 2.3. | |||||
CVE-2025-24767 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19. | |||||
CVE-2025-48141 | | | 2025-06-12 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3. | |||||
CVE-2025-31920 | | | 2025-06-12 | N/A | 8.5 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy allows SQL Injection. This issue affects WP Guppy: from n/a through 4.3.3. | |||||
CVE-2025-40657 | | | 2025-06-12 | N/A | N/A |
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp. | |||||
CVE-2025-40655 | | | 2025-06-12 | N/A | N/A |
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp. | |||||
CVE-2025-40656 | | | 2025-06-12 | N/A | N/A |
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp. | |||||
CVE-2025-40654 | | | 2025-06-12 | N/A | N/A |
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp. | |||||
CVE-2024-56158 | | | 2025-06-12 | N/A | N/A |
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using functions like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16. | |||||
CVE-2025-32466 | | | 2025-06-12 | N/A | N/A |
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard. | |||||
CVE-2024-25308 | 1 Code-projects | 1 Simple School Management System | 2025-06-12 | N/A | 8.8 HIGH |
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. | |||||
CVE-2024-24029 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-12 | N/A | 9.8 CRITICAL |
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. | |||||
CVE-2024-24013 | 1 Xxyopen | 1 Novel-plus | 2025-06-12 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list | |||||
CVE-2025-46052 | 1 Weberp | 1 Weberp | 2025-06-12 | N/A | 9.8 CRITICAL |
An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php | |||||