Total
17169 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63724 | 1 Meeco | 1 Svx Portal | 2025-11-18 | 6 Medium |
| SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php. | ||||
| CVE-2025-13208 | 1 Hotels Server Project | 1 Hotels Server | 2025-11-18 | 6.3 Medium |
| A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13319 | 1 Nettec | 1 Digi On-prem Manager | 2025-11-18 | 8.8 High |
| An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by default, and a valid API token is required to perform the attack. | ||||
| CVE-2025-62519 | 1 Thorsten | 1 Phpmyfaq | 2025-11-18 | 7.2 High |
| phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14. | ||||
| CVE-2025-13276 | 1 G33kyrash | 1 Online-banking-system | 2025-11-18 | 7.3 High |
| A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-11-17 | N/A |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | ||||
| CVE-2025-12928 | 2 Code-projects, Fabian | 2 Online Job Search Engine, Online Job Search Engine | 2025-11-17 | 7.3 High |
| A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-13075 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2025-13076 | 2 Codeprojects, Fabian | 2 Responsive Hotel Site, Responsive Hotel Site | 2025-11-17 | 4.7 Medium |
| A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2025-0585 | 1 Aenrich | 1 A\+hrd | 2025-11-17 | 9.8 Critical |
| The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2025-10087 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-63718 | 2 Pamzey, Sourcecodester | 2 Patients Waiting Area Queue Management System, Patient Queue Management System | 2025-11-17 | 6.5 Medium |
| A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | ||||
| CVE-2024-44636 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. | ||||
| CVE-2024-44639 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. | ||||
| CVE-2024-44640 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. | ||||
| CVE-2021-47693 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database. | ||||
| CVE-2020-36869 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 7.2 High |
| Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly sanitized, allowing SQL injection that may lead to unauthorized disclosure or modification of application data or execution of arbitrary SQL commands against the backend database. | ||||
| CVE-2020-36859 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject SQL fragments. Successful exploitation could lead to unauthorized disclosure or modification of configuration and application data, and in some environments could allow further compromise of the application or backend database. | ||||
| CVE-2016-15050 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-17 | 8.8 High |
| Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authenticated user to manipulate database queries. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly. | ||||
| CVE-2024-55016 | 1 Phpgurukul | 2 Student Management System, Student Record System | 2025-11-17 | 6.5 Medium |
| PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. | ||||