Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-50717 | 1 Smarts-srl | 1 Smart Agent | 2025-04-18 | N/A | 9.8 CRITICAL | SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. |
| CVE-2024-34220 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 7.5 HIGH | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. |
| CVE-2024-34222 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 5.9 MEDIUM | Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. |
| CVE-2022-20518 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM | In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770203 |
| CVE-2022-20517 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM | In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224769956 |
| CVE-2024-57095 | 1 Go-admin | 1 Go-cms | 2025-04-18 | N/A | 6.8 MEDIUM | SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload. |
| CVE-2025-0950 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-04-18 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-25991 | 1 Hoosk | 1 Hoosk | 2025-04-18 | N/A | 5.1 MEDIUM | SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. |
| CVE-2024-48177 | 1 Mrcms | 1 Mrcms | 2025-04-18 | N/A | 8.8 HIGH | MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. |
| CVE-2024-2592 | 1 Amss++ Project | 1 Amss++ | 2025-04-17 | N/A | 8.2 HIGH | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. |
| CVE-2024-2591 | 1 Amss++ Project | 1 Amss++ | 2025-04-17 | N/A | 8.2 HIGH | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. |
| CVE-2024-2590 | 1 Amss++ Project | 1 Amss++ | 2025-04-17 | N/A | 8.2 HIGH | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. |
| CVE-2024-2589 | 1 Amss++ Project | 1 Amss++ | 2025-04-17 | N/A | 8.2 HIGH | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. |
| CVE-2025-22655 | | | 2025-04-17 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links allows SQL Injection. This issue affects CWD – Stealth Links: from n/a through 1.3. |
| CVE-2025-27302 | | | 2025-04-17 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Claudio Adrian Marrero CHATLIVE allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1. |
| CVE-2025-39586 | | | 2025-04-17 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.4.8. |
| CVE-2025-32636 | | | 2025-04-17 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic allows SQL Injection. This issue affects Local Magic: from n/a through 2.6.0. |
| CVE-2025-39595 | | | 2025-04-17 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8. |
| CVE-2025-32665 | | | 2025-04-17 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0. |
| CVE-2025-39569 | | | 2025-04-17 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1. |
| CVE-2025-39587 | | | 2025-04-17 | N/A | 9.3 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65. |
| CVE-2025-32573 | | | 2025-04-17 | N/A | 8.5 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3. |
| CVE-2022-42535 | 1 Google | 1 Android | 2025-04-17 | N/A | 5.5 MEDIUM | In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224770183 |
| CVE-2024-48238 | 1 Wtcms Project | 1 Wtcms | 2025-04-17 | N/A | 4.7 MEDIUM | WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. |
| CVE-2024-25517 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. |
| CVE-2024-25518 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. |
| CVE-2024-25519 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. |
| CVE-2024-25520 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. |
| CVE-2024-25521 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. |
| CVE-2024-25522 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. |
| CVE-2024-25523 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. |
| CVE-2024-25524 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. |
| CVE-2024-25525 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. |
| CVE-2024-25526 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 8.1 HIGH | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. |
| CVE-2024-25527 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. |
| CVE-2024-25529 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. |
| CVE-2024-25530 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. |
| CVE-2024-25531 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. |
| CVE-2024-25528 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 5.9 MEDIUM | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. |
| CVE-2024-25532 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. |