Total: 19309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-61943 | 1 Aveva | 1 Process Optimization | 2026-06-17 | N/A | 8.4 HIGH |
| The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server. | |||||
| CVE-2025-61675 | | | 2026-06-17 | N/A | N/A |
| FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17. | |||||
| CVE-2025-61605 | 1 Wegia | 1 Wegia | 2026-06-17 | N/A | 9.8 CRITICAL |
| WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0. | |||||
| CVE-2025-61603 | 1 Wegia | 1 Wegia | 2026-06-17 | N/A | 9.8 CRITICAL |
| WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0. | |||||
| CVE-2025-61548 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands | |||||
| CVE-2025-61540 | 1 Myupb | 1 Ultimate Php Board | 2026-06-17 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php. | |||||
| CVE-2025-61464 | 1 Sir | 1 Gnuboard | 2026-06-17 | N/A | 6.5 MEDIUM |
| gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php. | |||||
| CVE-2025-61455 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access. | |||||
| CVE-2025-61385 | | | 2026-06-17 | N/A | 9.6 CRITICAL |
| SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal. | |||||
| CVE-2025-61247 | | | 2026-06-17 | N/A | 8.2 HIGH |
| indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php. | |||||
| CVE-2025-61246 | 1 Indieka900 | 1 Online Shopping System | 2026-06-17 | N/A | 9.8 CRITICAL |
| indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter. | |||||
| CVE-2025-61194 | 1 Daicuo | 1 Daicuo | 2026-06-17 | N/A | 6.5 MEDIUM |
| daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php. | |||||
| CVE-2025-61167 | 1 Sigb | 1 Pmb | 2026-06-17 | N/A | 6.5 MEDIUM |
| SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters. | |||||
| CVE-2025-61096 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-06-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. | |||||
| CVE-2025-60798 | 1 Phppgadmin Project | 1 Phppgadmin | 2026-06-17 | N/A | 6.5 MEDIUM |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise. | |||||
| CVE-2025-60797 | 1 Phppgadmin Project | 1 Phppgadmin | 2026-06-17 | N/A | 6.5 MEDIUM |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation. | |||||
| CVE-2025-60783 | 1 Rajvi-patel-22 | 1 Restaurant-management-system-dbms-project | 2026-06-17 | N/A | 6.5 MEDIUM |
| There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings. | |||||
| CVE-2025-60736 | 1 Anisha | 1 Online Medicine Guide | 2026-06-17 | N/A | 9.8 CRITICAL |
| code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter. | |||||
| CVE-2025-60641 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowed_classes option, allowing an attacker to inject arbitrary PHP objects. This can lead to malicious behavior, such as Remote Code Execution (RCE), SQL Injection, Path Traversal, or Denial of Service, depending on the availability of exploitable classes in the Vfront codebase or its dependencies. | |||||
| CVE-2025-60542 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in TypeORM before 0.3.26 via a crafted request to repository.save or repository.update, due to the sqlstring call using the stringifyObjects default of false. | |||||
