Total
17154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7841 | 1 Schneider-electric | 1 U.motion Builder | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. | |||||
| CVE-2025-63622 | 1 Fabian | 1 Online Complaint Site | 2025-11-03 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection. | |||||
| CVE-2025-59397 | 2025-11-03 | N/A | 5.0 MEDIUM | ||
| Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection. | |||||
| CVE-2025-54119 | 2025-11-03 | N/A | 10.0 CRITICAL | ||
| ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. | |||||
| CVE-2025-12292 | 1 Janobe | 1 Point Of Sales | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-34304 | 1 Ipfire | 1 Ipfire | 2025-11-03 | N/A | 6.5 MEDIUM |
| IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issues an HTTP POST request to the Request-URI /cgi-bin/logs.cgi/ovpnclients.dat and inserts the value of the CONNECTION_NAME parameter directly into the WHERE clause without proper sanitization or parameterization. The unsanitized value can alter the executed query and be used to disclose sensitive information from the database. | |||||
| CVE-2025-12294 | 1 Janobe | 1 Point Of Sales | 2025-11-03 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in SourceCodester Point of Sales 1.0. Impacted is an unknown function of the file /delete_category.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12293 | 1 Janobe | 1 Point Of Sales | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12339 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-12338 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12337 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12336 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12308 | 1 Fabian | 1 Nero Social Networking Site | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects Nero Social Networking Site 1.0. Affected by this issue is some unknown functionality of the file /deletemessage.php. Performing manipulation of the argument message_id results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12307 | 1 Fabian | 1 Nero Social Networking Site | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2025-12306 | 1 Fabian | 1 Nero Social Networking Site | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-11317 | 1 Tipray | 1 Data Leakage Prevention System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11316 | 1 Tipray | 1 Data Leakage Prevention System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11315 | 1 Tipray | 1 Data Leakage Prevention System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of the argument sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11314 | 1 Tipray | 1 Data Leakage Prevention System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11313 | 1 Tipray | 1 Data Leakage Prevention System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||