Total
17154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7138 | 1 Fabian | 1 Client Details System | 2025-10-29 | 5.8 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249141 was assigned to this vulnerability. | |||||
| CVE-2025-11605 | 1 Fabian | 1 Client Details System | 2025-10-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2023-7142 | 1 Fabian | 1 Client Details System | 2025-10-29 | 4.7 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. | |||||
| CVE-2025-6446 | 1 Fabian | 1 Client Details System | 2025-10-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /clientdetails/admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-7139 | 1 Fabian | 1 Client Details System | 2025-10-29 | 4.7 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249142 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7141 | 1 Fabian | 1 Client Details System | 2025-10-29 | 4.7 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. | |||||
| CVE-2025-21628 | 1 Chatwoot | 1 Chatwoot | 2025-10-29 | N/A | 9.1 CRITICAL |
| Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by adding a tautological WHERE clause. This issue is patched with v3.16.0. | |||||
| CVE-2025-57423 | 2025-10-28 | N/A | 6.5 MEDIUM | ||
| A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database. | |||||
| CVE-2025-56316 | 1 Mingsoft | 1 Mcms | 2025-10-28 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering. | |||||
| CVE-2025-47902 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2025-10-28 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5. | |||||
| CVE-2025-8709 | 2025-10-28 | N/A | 7.3 HIGH | ||
| A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters. | |||||
| CVE-2025-12208 | 1 Mayurik | 1 Best House Rental Management System | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12215 | 1 Projectworlds | 1 Online Shopping System | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12226 | 1 Mayurik | 1 Best House Rental Management System | 2025-10-28 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-12242 | 1 Codeastro | 1 Gym Management System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-12243 | 1 Fabian | 1 Client Details System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12252 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12253 | 1 Amttgroup | 1 Hibos | 2025-10-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12254 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12255 | 1 Carmelo | 1 Online Event Judging System | 2025-10-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | |||||