Total
15998 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51210 | 1 Webkul | 1 Bundle Product | 2025-06-09 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function. | |||||
| CVE-2025-5837 | 1 Phpgurukul | 1 Employee Record Management System | 2025-06-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5859 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-06-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-details.php. The manipulation of the argument assignto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5860 | 1 Phpgurukul | 1 Maid Hiring Management System | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5376 | 1 Razormist | 1 Health Center Patient Record Management System | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5370 | 1 Phpgurukul | 1 News Portal Project | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5369 | 1 Razormist | 1 Display Username After Login | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11372 | 1 Floriansimunek | 1 Connexion Logs | 2025-06-09 | N/A | 7.2 HIGH |
| The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||
| CVE-2025-5252 | 1 Phpgurukul | 1 News Portal Project | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48743 | 1 Sigb | 1 Pmb | 2025-06-09 | N/A | 5.3 MEDIUM |
| SIGB PMB before 8.0.1.2 allows SQL injection. | |||||
| CVE-2025-46154 | 1 Foxcms | 1 Foxcms | 2025-06-09 | N/A | 8.4 HIGH |
| Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php. | |||||
| CVE-2025-43923 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation. | |||||
| CVE-2024-12976 | 1 Code-projects | 1 Hospital Management System | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-24021 | 1 Xxyopen | 1 Novel-plus | 2025-06-09 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list. | |||||
| CVE-2025-32924 | 1 Roninwp | 1 Revy | 2025-06-09 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy allows SQL Injection.This issue affects Revy: from n/a through 2.1. | |||||
| CVE-2025-47538 | 1 Wpdever | 1 Cart Tracking For Woocommerce | 2025-06-09 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdever Cart tracking for WooCommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through 1.0.17. | |||||
| CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | N/A | 8.8 HIGH |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | |||||
| CVE-2025-5599 | 1 Phpgurukul | 1 Student Result Management System | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-29892 | 2025-06-09 | N/A | N/A | ||
| An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later | |||||
| CVE-2025-47544 | 1 Acowebs | 1 Dynamic Pricing With Discount Rules For Woocommerce | 2025-06-06 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8. | |||||