Total
19309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63624 | 1 Sdkede | 2 Iot Smart Water Meter, Iot Smart Water Meter Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. | |||||
| CVE-2025-63622 | 1 Fabian | 1 Online Complaint Site | 2026-06-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection. | |||||
| CVE-2025-63608 | 1 Cszcms | 1 Csz Cms | 2026-06-17 | N/A | 5.4 MEDIUM |
| A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries. | |||||
| CVE-2025-63585 | 1 Opensource-socialnetwork | 1 Open Source Social Network | 2026-06-17 | N/A | 6.5 MEDIUM |
| OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter. | |||||
| CVE-2025-63535 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 9.6 CRITICAL |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system. | |||||
| CVE-2025-63532 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 9.6 CRITICAL |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system. | |||||
| CVE-2025-63531 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-06-17 | N/A | 10.0 CRITICAL |
| A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system. | |||||
| CVE-2025-63512 | 1 Kishan0725 | 1 Hospital Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| kishan0725 Hospital Management System v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input from the demail parameter before incorporating it directly into a dynamic SQL query. | |||||
| CVE-2025-63497 | 1 Rickxy | 1 Hospital Management System | 2026-06-17 | N/A | 7.1 HIGH |
| The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries. | |||||
| CVE-2025-63453 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2026-06-17 | N/A | 9.8 CRITICAL |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. | |||||
| CVE-2025-63452 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2026-06-17 | N/A | 9.4 CRITICAL |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. | |||||
| CVE-2025-63451 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2026-06-17 | N/A | 9.8 CRITICAL |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. | |||||
| CVE-2025-62849 | 1 Qnap | 2 Qts, Quts Hero | 2026-06-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later. | |||||
| CVE-2025-62728 | 1 Apache | 1 Hive | 2026-06-17 | N/A | 5.4 MEDIUM |
| SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call the Thrift APIs directly. In most real-world deployments, HMS is accessible to only a handful of applications (e.g., Hiveserver2) thus the vulnerability is not exploitable. Moreover, the vulnerable code cannot be reached when the metastore.try.direct.sql property is set to false. This issue affects Apache Hive: from 4.1.0 before 4.2.0. Users are recommended to upgrade to version 4.2.0, which fixes the issue. Users who cannot upgrade directly are encouraged to set the metastore.try.direct.sql property to false if the HMS Thrift APIs are exposed to the general public. | |||||
| CVE-2025-62658 | | | 2026-06-17 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44. | |||||
| CVE-2025-62655 | | | 2026-06-17 | N/A | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection. This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44. | |||||
| CVE-2025-62617 | 1 Admidio | 1 Admidio | 2026-06-17 | N/A | 7.2 HIGH |
| Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role (such as an administrator) can exploit this vulnerability to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 4.3.17. | |||||
| CVE-2025-62606 | | | 2026-06-17 | N/A | 8.8 HIGH |
| my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application's database, including reading, modifying, or deleting all data. This issue has been patched in version 2.5.12. | |||||
| CVE-2025-62519 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-06-17 | N/A | 7.2 HIGH |
| phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14. | |||||
| CVE-2025-62423 | 1 Oxygenz | 1 Clipbucket | 2026-06-17 | N/A | 6.7 MEDIUM |
| ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to the Admin Area. | |||||
