Total
18748 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62386 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62384 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-61548 | 1 Edubusinesssolutions | 1 Print Shop Pro Webdesk | 2026-02-10 | 9.8 Critical |
| SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands | ||||
| CVE-2025-11623 | 1 Ivanti | 1 Endpoint Manager | 2026-02-10 | 6.5 Medium |
| SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-15325 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.3 Medium |
| Tanium addressed an improper input validation vulnerability in Discover. | ||||
| CVE-2022-46763 | 2 Microsoft, Trueconf | 2 Windows, Server | 2026-02-10 | 8.8 High |
| A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. | ||||
| CVE-2020-37076 | 2 Victor Cms Project, Victoralagwu | 2 Victor Cms, Cmssite | 2026-02-10 | 8.2 High |
| Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques. | ||||
| CVE-2025-69214 | 1 Devcode | 1 Openstamanager | 2026-02-09 | 8.8 High |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options[matricola] parameter. | ||||
| CVE-2025-69216 | 1 Devcode | 1 Openstamanager | 2026-02-09 | 6.5 Medium |
| OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability exists in templates/scadenzario/init.php, where the id_anagrafica parameter is directly concatenated into an SQL query without proper sanitization. The vulnerability enables complete database read access through error-based SQL injection techniques. | ||||
| CVE-2025-5553 | 1 Phpgurukul | 1 Rail Pass Management System | 2026-02-06 | 7.3 High |
| A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-44151 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2026-02-06 | 9.8 Critical |
| Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php. | ||||
| CVE-2024-36597 | 1 Projectworlds | 1 Life Insurance Management System | 2026-02-06 | 8.8 High |
| Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. | ||||
| CVE-2023-51951 | 1 Stock Management System Project | 1 Stock Management System | 2026-02-06 | 9.8 Critical |
| SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | ||||
| CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2026-02-06 | 10 Critical |
| Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | ||||
| CVE-2025-57792 | 1 Explorance | 1 Blue | 2026-02-05 | 10 Critical |
| Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk. | ||||
| CVE-2025-57793 | 1 Explorance | 1 Blue | 2026-02-05 | 8.6 High |
| Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly elevating the risk. | ||||
| CVE-2025-63689 | 2 Money-pos, Ycf1998 | 2 Money-pos, Money-pos | 2026-02-05 | 10 Critical |
| Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter | ||||
| CVE-2023-42178 | 1 Lenosp Project | 1 Lenosp | 2026-02-03 | 6.5 Medium |
| Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. | ||||