Total
17154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44640 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. | |||||
| CVE-2024-55016 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. | |||||
| CVE-2025-59499 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-11-17 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2024-44630 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender. | |||||
| CVE-2024-44632 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. | |||||
| CVE-2024-44633 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. | |||||
| CVE-2024-13973 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 6.8 MEDIUM |
| A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | |||||
| CVE-2025-7624 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 9.8 CRITICAL |
| An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | |||||
| CVE-2025-1389 | 1 Learningdigital | 1 Orca Hcm | 2025-11-17 | N/A | 8.8 HIGH |
| Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2025-12855 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12856 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12857 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-12913 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12932 | 1 Janobe | 1 Baby Care System | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-12933 | 1 Janobe | 1 Baby Care System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12938 | 1 Projectworlds | 1 Online Admission System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12939 | 1 Janobe | 1 Interview Management System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-13057 | 1 Campcodes | 1 School Fees Payment Management System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_student. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-13059 | 1 Oretnom23 | 1 Alumni Management System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-13060 | 1 Oretnom23 | 1 Survey Application System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | |||||