Total
16115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25106 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-49655 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3. | ||||
| CVE-2024-6160 | 1 Jan Syski | 1 Megabip | 2025-07-13 | N/A |
| SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1. | ||||
| CVE-2024-55974 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AMS Nexe Iberica Mimoos allows SQL Injection.This issue affects Mimoos: from n/a through 1.2. | ||||
| CVE-2024-55985 | 2 Wordpress, Ydesignservices | 2 Wordpress, Yds Support Ticket System | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0. | ||||
| CVE-2025-22502 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1. | ||||
| CVE-2025-26908 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör allows SQL Injection. This issue affects Kargo Entegratör: from n/a through 1.1.14. | ||||
| CVE-2025-48281 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1. | ||||
| CVE-2025-22536 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3. | ||||
| CVE-2025-30590 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows allows SQL Injection. This issue affects Flickr set slideshows: from n/a through 0.9. | ||||
| CVE-2025-32685 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1. | ||||
| CVE-2024-56212 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9. | ||||
| CVE-2024-54283 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10. | ||||
| CVE-2024-2514 | 1 Magesh-k21 | 1 Online-college-event-hall-reservation-system | 2025-07-13 | 7.3 High |
| A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256951. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32287 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.7. | ||||
| CVE-2025-0391 | 1 Guangzhou Huayi Intelligent Technology | 1 Jeewms | 2025-07-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-0462 | 1 Shanghai Lingdang Information Technology | 1 Lingdang Crm | 2025-07-13 | 6.3 Medium |
| A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0486 | 1 Fanli2012 | 1 Native-php-cms | 2025-07-13 | 7.3 High |
| A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0531 | 1 Code-projects | 1 Chat System | 2025-07-13 | 6.3 Medium |
| A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0579 | 1 Opencart | 1 Opencart | 2025-07-13 | 7.3 High |
| A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||