Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7624 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-11-17 | N/A | 9.8 CRITICAL |
|
An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.
|
|||||
| CVE-2025-1389 | 1 Learningdigital | 1 Orca Hcm | 2025-11-17 | N/A | 8.8 HIGH |
|
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents.
|
|||||
| CVE-2025-12855 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-12856 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-12857 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-12913 | 1 Fabian | 1 Responsive Hotel Site | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-12932 | 1 Janobe | 1 Baby Care System | 2025-11-17 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-12933 | 1 Janobe | 1 Baby Care System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-12938 | 1 Projectworlds | 1 Online Admission System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-12939 | 1 Janobe | 1 Interview Management System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-13057 | 1 Campcodes | 1 School Fees Payment Management System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_student. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-13059 | 1 Oretnom23 | 1 Alumni Management System | 2025-11-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-13060 | 1 Oretnom23 | 1 Survey Application System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-13122 | 1 Pamzey | 1 Patients Waiting Area Queue Management System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-13169 | 1 Fabian | 1 Simple Online Hotel Reservation System | 2025-11-17 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation of the argument room_id leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-11188 | 1 Synchroweb | 1 Kiwire | 2025-11-14 | N/A | 7.3 HIGH |
|
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
|
|||||
| CVE-2025-10387 | 1 Codesiddhant | 1 Jasmin Ransomware | 2025-11-14 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-52425 | 1 Qnap | 1 Qumagie | 2025-11-14 | N/A | 9.8 CRITICAL |
|
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QuMagie 2.7.0 and later
|
|||||
| CVE-2025-6095 | 1 Codesiddhant | 1 Jasmin-ransomware | 2025-11-14 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6096 | 1 Codesiddhant | 1 Jasmin-ransomware | 2025-11-14 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-13121 | 2025-11-14 | 7.5 HIGH | 7.3 HIGH | ||
|
A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-11981 | 2025-11-14 | N/A | 4.9 MEDIUM | ||
|
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information f ...
Show More |
|||||
| CVE-2025-12620 | 2025-11-14 | N/A | 4.9 MEDIUM | ||
|
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to ...
Show More |
|||||
| CVE-2022-4984 | 2025-11-14 | N/A | N/A | ||
|
ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database query. A remote unauthenticated attacker can exploit this issue to execute crafted SQL expressions and retrieve sensitive information from the backend database, including user and application data ...
Show More |
|||||
| CVE-2025-4696 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-4695 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-22212 | 1 Convert Forms Project | 1 Convert Forms | 2025-11-13 | N/A | 2.7 LOW |
|
A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.
|
|||||
| CVE-2025-11055 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-10843 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-7744 | 1 Dolusoft | 1 Omaspot | 2025-11-13 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025.
|
|||||
| CVE-2025-6883 | 1 Carmelo | 1 Staff Audit System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in code-projects Staff Audit System 1.0. This vulnerability affects unknown code of the file /update_index.php. The manipulation of the argument updateid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6884 | 1 Carmelo | 1 Staff Audit System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /search_index.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-10102 | 1 Carmelo | 1 Online Event Judging System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown function of the file /index.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-10103 | 1 Carmelo | 1 Online Event Judging System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the argument main_event can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-10104 | 1 Carmelo | 1 Online Event Judging System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /review_search.php. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-9610 | 1 Carmelo | 1 Online Event Judging System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
|
|||||
| CVE-2024-4654 | 1 Bluenettechnology | 1 Clinical Browsing System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499.
|
|||||
| CVE-2025-9789 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-6458 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in code-projects Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execedituser.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6457 | 1 Fabian | 1 Online Hotel Reservation System | 2025-11-13 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, was found in code-projects Online Hotel Reservation System 1.0. This affects an unknown part of the file /reservation/demo.php. The manipulation of the argument Start leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||