Total
18620 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7515 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-15 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. This affects an unknown part of the file /ulocateus.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7612 | 2 Anisha, Code-projects | 2 Mobile Shop, Mobile Shop | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51652 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. | ||||
| CVE-2025-51653 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. | ||||
| CVE-2025-51654 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. | ||||
| CVE-2025-51655 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. | ||||
| CVE-2025-51656 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. | ||||
| CVE-2025-51657 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. | ||||
| CVE-2025-51658 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. | ||||
| CVE-2025-51659 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. | ||||
| CVE-2024-36263 | 1 Apache | 1 Submarine | 2025-07-15 | 8.1 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-51660 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. | ||||
| CVE-2024-53947 | 2 Apache, Apache Software Foundation | 2 Superset, Apache Superset | 2025-07-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS. | ||||
| CVE-2025-7467 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7469 | 1 Campcodes | 1 Sales And Inventory System | 2025-07-15 | 7.3 High |
| A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7120 | 1 Campcodes | 1 Complaint Management System | 2025-07-15 | 7.3 High |
| A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7471 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login-back.php. The manipulation of the argument user-name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7442 | 2 Dasinfomedia, Wordpress | 2 Wpgym Gym Management System, Wordpress | 2025-07-15 | 7.5 High |
| The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gmgt_create_meeting functions in all versions up to 67.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-53678 | 1 Apache | 1 Vcl | 2025-07-14 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement is not viewable by the attacker. This issue affects all versions of Apache VCL from 2.2 through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue. | ||||
| CVE-2025-6767 | 1 Sfturing | 1 Hosp Order | 2025-07-13 | 6.3 Medium |
| A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||