Total
17507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15442 | 1 Crmeb | 1 Crmeb | 2026-01-08 | 4.7 Medium |
| A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. This manipulation of the argument cate_id causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15446 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-01-08 | 7.3 High |
| A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a manipulation of the argument unitCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15447 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-01-08 | 7.3 High |
| A vulnerability has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. This affects an unknown function of the file /assetsGroupReport/assetsService.j%73p. The manipulation of the argument unitCode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-68865 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-01-08 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection.This issue affects Infility Global: from n/a through 2.14.48. | ||||
| CVE-2025-15238 | 1 Quanta Computer | 1 Qoca Aim Ai Medical Cloud Platform | 2026-01-08 | 6.5 Medium |
| QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-15443 | 1 Crmeb | 1 Crmeb | 2026-01-08 | 4.7 Medium |
| A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such manipulation of the argument cate_id leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-15450 | 1 Sfturing | 1 Hosp Order | 2026-01-08 | 6.3 Medium |
| A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-0567 | 1 Code-projects | 1 Content Management System | 2026-01-08 | 7.3 High |
| A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2025-15239 | 1 Quanta Computer | 1 Qoca Aim Ai Medical Cloud Platform | 2026-01-08 | 6.5 Medium |
| QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-13652 | 1 Wordpress | 1 Wordpress | 2026-01-08 | 6.5 Medium |
| The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-13409 | 2 Wordpress, Wpvibes | 2 Wordpress, Form Vibes | 2026-01-08 | 4.9 Medium |
| The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-0606 | 1 Code-projects | 1 Online Music Site | 2026-01-08 | 7.3 High |
| A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-69351 | 1 Wordpress | 1 Wordpress | 2026-01-08 | 6.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.4. | ||||
| CVE-2025-14153 | 2 Vikasratudi, Wordpress | 2 Page Expire Popup/redirection For Wordpress, Wordpress | 2026-01-08 | 6.5 Medium |
| The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-59379 | 2026-01-08 | 7.5 High | ||
| DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application. | ||||
| CVE-2026-0605 | 1 Code-projects | 1 Online Music Site | 2026-01-08 | 7.3 High |
| A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-0607 | 1 Code-projects | 1 Online Music Site | 2026-01-08 | 7.3 High |
| A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-21856 | 2026-01-08 | 7.2 High | ||
| The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch. | ||||
| CVE-2025-32303 | 1 Wordpress | 1 Wordpress | 2026-01-08 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0. | ||||
| CVE-2026-21892 | 2026-01-08 | 5.3 Medium | ||
| Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue. | ||||