Total: 16891 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54153 | 1 Qnap | 2 Qsync, Qsync Central | 2025-10-08 | 8.8 High |
| An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later | ||||
| CVE-2024-36465 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 8.8 High |
| A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter. | ||||
| CVE-2025-27240 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 7.2 High |
| A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. | ||||
| CVE-2025-10122 | 1 Maccms | 1 Maccms | 2025-10-08 | 4.7 Medium |
| A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-51506 | 1 Talentneuron | 1 Hrforecast Suite | 2025-10-08 | 6.5 Medium |
| In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint. | ||||
| CVE-2025-7936 | 1 Fuyang Lipengjun | 1 Platform | 2025-10-07 | 6.3 Medium |
| A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is the function queryPage of the file com/platform/controller/ScheduleJobLogController.java. The manipulation of the argument beanName/methodName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-11089 | 1 Kidaze | 1 Courseselectionsystem | 2025-10-07 | 7.3 High |
| A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-61096 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-10-07 | 6.5 Medium |
| PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. | ||||
| CVE-2025-11288 | 1 Crmeb | 1 Crmeb | 2025-10-07 | 6.3 Medium |
| A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cate_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11329 | 3 Code-projects, Fabian, Online Course Registration Project | 3 Online Course Registration, Online Course Registration Site, Online Course Registration | 2025-10-07 | 7.3 High |
| A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-11330 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-07 | 6.3 Medium |
| A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11334 | 1 Campcodes | 1 Online Apartment Visitor Management System | 2025-10-07 | 7.3 High |
| A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-61603 | 1 Wegia | 1 Wegia | 2025-10-07 | 9.8 Critical |
| WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0. | ||||
| CVE-2025-61605 | 1 Wegia | 1 Wegia | 2025-10-07 | 9.8 Critical |
| WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0. | ||||
| CVE-2022-4445 | 1 Armandofiore | 1 Fl3r Feelbox | 2025-10-07 | 9.8 Critical |
| The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2024-56804 | 1 Qnap | 1 Video Station | 2025-10-07 | 8.8 High |
| An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later | ||||
| CVE-2025-8806 | 1 Zhilink | 2 Adp Application Developer Platform, Application Developer Platform | 2025-10-06 | 6.3 Medium |
| A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11319 | 1 Nahiduddinahammed | 1 Hospital Management System | 2025-10-06 | 6.3 Medium |
| A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9410 | 2 Lostvip, Ruoyi | 2 Ruoyi-go, Ruoyi | 2025-10-06 | 6.3 Medium |
| A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-56407 | 2 Huangdou, Utcms Project | 2 Utcms, Utcms | 2025-10-06 | 8.8 High |
| A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/mysql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||