Search Results (18743 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2093 | 1 Flowring | 1 Docpedia | 2026-04-15 | 7.5 High |
| Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-11972 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.9 Medium |
| The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-10121 | 1 Dagg | 1 Uverif | 2026-04-15 | 6.3 Medium |
| A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2024-12706 | | | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4. | ||||
| CVE-2025-48089 | 2 Rainbow-themes, Wordpress | 2 Education Wordpress Theme, Wordpress | 2026-04-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme \| HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme \| HiStudy: from n/a through < 3.1.0. | ||||
| CVE-2024-42844 | | | 2026-04-15 | 8.1 High |
| A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanitized user input fields to obtain unauthorized information | ||||
| CVE-2025-31099 | | | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through <= 1.1.0. | ||||
| CVE-2025-5319 | 1 Emit | 1 Efficiency Management System | 2026-04-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System allows SQL Injection. This issue affects DIGITA Efficiency Management System: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-55987 | | | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ritesh Sanap Advanced What should we write next about advanced-what-should-we-write-about-next allows SQL Injection. This issue affects Advanced What should we write next about: from n/a through <= 1.0.3. | ||||
| CVE-2024-31370 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit aikit-wordpress-ai-writing-assistant-using-gpt3. This issue affects AIKit: from n/a through <= 4.14.1. | ||||
| CVE-2025-52021 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2026-04-15 | 9.8 Critical |
| A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafely passed to a SQL query without proper validation or parameterization. | ||||
| CVE-2024-30494 | 1 Aliyun-oss-client Project | 1 Aliyun-oss-client | 2026-04-15 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 沈唁 OSS Aliyun. This issue affects OSS Aliyun: from n/a through 1.4.10. | ||||
| CVE-2025-13673 | 2 Themeum, Wordpress | 2 Tutor Lms – Elearning And Online Course Solution, Wordpress | 2026-04-15 | 7.5 High |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was partially mitigated in versions 3.9.4 and 3.9.6. | ||||
| CVE-2025-10870 | 1 Dial | 1 Centrosnet | 2026-04-15 | N/A |
| SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'. | ||||
| CVE-2024-8259 | 1 Eryaz Information Technologies | 1 Natracar B2b Dealer Management Program | 2026-04-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported. | ||||
| CVE-2024-12097 | | | 2026-04-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection. This issue affects E-Travel: before 15.12.2024. | ||||
| CVE-2025-11177 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database when a PostgreSQL or MSSQL database is configured as the external authentication database. | ||||
| CVE-2025-10036 | 2 Fifu, Wordpress | 2 Featured Image From Url, Wordpress | 2026-04-15 | 4.9 Medium |
| The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to SQL Injection via the get_all_urls() function in all versions up to, and including, 5.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-54445 | | | 2026-04-15 | N/A |
| Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables. | ||||
| CVE-2025-14068 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||