Total
17301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27289 | 3 Jackc, Pgx Project, Redhat | 4 Pgx, Pgx, Advanced Cluster Security and 1 more | 2025-12-11 | 8.1 High |
| pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder. | ||||
| CVE-2025-59499 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2025-12-11 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-10351 | 1 Melistechnology | 1 Melis Platform | 2025-12-11 | N/A |
| SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint. | ||||
| CVE-2023-7096 | 1 Carmelogarcia | 1 Faculty Management System | 2025-12-11 | 4.7 Medium |
| A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2025-14245 | 1 Ideacms | 1 Ideacms | 2025-12-11 | 7.3 High |
| A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14090 | 1 Amttgroup | 2 Hibos, Hotel Broadband Operation System | 2025-12-10 | 4.7 Medium |
| A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-62093 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows SQL Injection.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6.7. | ||||
| CVE-2025-14011 | 1 Jizhicms | 1 Jizhicms | 2025-12-10 | 4.7 Medium |
| A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14012 | 1 Jizhicms | 1 Jizhicms | 2025-12-10 | 4.7 Medium |
| A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14193 | 2 Carmelogarcia, Code-projects | 2 Employee Profile Management System, Employee Profile Management System | 2025-12-10 | 6.3 Medium |
| A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing manipulation of the argument per_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12807 | 1 Rockwellautomation | 1 Factorytalk Datamosaix Private Cloud | 2025-12-10 | N/A |
| A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints. | ||||
| CVE-2025-12504 | 1 Talentsoft | 1 Unis | 2025-12-10 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TalentSoft Software UNIS allows SQL Injection.This issue affects UNIS: before 42321. | ||||
| CVE-2025-14203 | 2 Carmelo, Code-projects | 2 Question Paper Generator, Question Paper Generator | 2025-12-10 | 6.3 Medium |
| A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-14209 | 1 Campcodes | 1 School File Management System | 2025-12-10 | 7.3 High |
| A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-14210 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-10 | 7.3 High |
| A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14211 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-10 | 7.3 High |
| A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing manipulation of the argument book_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-14212 | 1 Projectworlds | 1 Advanced Library Management System | 2025-12-10 | 7.3 High |
| A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing manipulation of the argument roll_number can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-14222 | 2 Carmelogarcia, Code-projects | 2 Employee Profile Management System, Employee Profile Management System | 2025-12-10 | 6.3 Medium |
| A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-14223 | 2 Carmelo, Code-projects | 2 Simple Leave Manager, Simple Leave Manager | 2025-12-10 | 7.3 High |
| A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14226 | 2 Angeljudesuarez, Itsourcecode | 2 Student Management System, Student Management System | 2025-12-10 | 7.3 High |
| A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well. | ||||