Total
17556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47848 | 2026-01-26 | N/A | 8.2 HIGH | ||
| Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access. | |||||
| CVE-2021-47872 | 2026-01-26 | N/A | 7.1 HIGH | ||
| SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter. | |||||
| CVE-2025-4764 | 2026-01-26 | N/A | 8.0 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27378 | 2026-01-26 | N/A | 8.6 HIGH | ||
| AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries. | |||||
| CVE-2025-36588 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | |||||
| CVE-2026-24367 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8. | |||||
| CVE-2025-69180 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7. | |||||
| CVE-2026-0603 | 2026-01-26 | N/A | 8.3 HIGH | ||
| A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service. | |||||
| CVE-2026-24572 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0. | |||||
| CVE-2026-24624 | 2026-01-26 | N/A | 7.2 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a through <= 1.0. | |||||
| CVE-2026-0806 | 2026-01-26 | N/A | 4.9 MEDIUM | ||
| The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-52694 | 1 Advantech | 5 Iot Edge Linux Docker, Iot Edge Windows, Iotsuite Growth Linux Docker and 2 more | 2026-01-26 | N/A | 10.0 CRITICAL |
| Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately. | |||||
| CVE-2025-0103 | 1 Paloaltonetworks | 1 Expedition | 2026-01-23 | N/A | 8.8 HIGH |
| An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | |||||
| CVE-2024-7930 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30886 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2. | |||||
| CVE-2025-31910 | 1 Reputeinfosystems | 1 Bookingpress | 2026-01-23 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | |||||
| CVE-2024-7871 | 1 Easytest | 1 Easytest Online Test Platform | 2026-01-23 | N/A | 8.8 HIGH |
| SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. | |||||
| CVE-2023-7123 | 1 Oretnom23 | 1 Medicine Tracker System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php? f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. | |||||
| CVE-2022-47151 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 8.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
| CVE-2020-25760 | 1 Projectworlds | 1 Visitor Management System | 2026-01-23 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||||