Total
16933 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10844 | 1 Portabilis | 1 I-educar | 2025-11-04 | 6.3 Medium |
| A vulnerability has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/Cadastro/aluno. The manipulation of the argument is leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-59213 | 1 Microsoft | 4 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 1 more | 2025-11-04 | 8.4 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2025-55320 | 1 Microsoft | 5 Configuration Manager, Configuration Manager 2403, Configuration Manager 2409 and 2 more | 2025-11-04 | 6.8 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2024-30928 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 8.1 High |
| SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc | ||||
| CVE-2024-30922 | 1 Derbynet | 1 Derbynet | 2025-11-04 | 9.8 Critical |
| SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | ||||
| CVE-2024-0480 | 1 Jifeer | 1 Taokeyun | 2025-11-04 | 7.3 High |
| A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability. | ||||
| CVE-2023-49934 | 1 Schedmd | 1 Slurm | 2025-11-04 | 9.8 Critical |
| An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1. | ||||
| CVE-2024-3704 | 1 Opengnsys | 1 Opengnsys | 2025-11-04 | 9.8 Critical |
| SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database. | ||||
| CVE-2024-11956 | 1 Pimcore | 2 Customer-data-framework, Pimcore | 2025-11-04 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-8877 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2025-11-04 | 9.8 Critical |
| Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05. | ||||
| CVE-2024-8503 | 1 Vicidial | 1 Vicidial | 2025-11-04 | 9.8 Critical |
| An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. | ||||
| CVE-2024-42005 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Discovery and 3 more | 2025-11-04 | 9.8 Critical |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | ||||
| CVE-2024-31460 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-11-04 | 6.5 Medium |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue. | ||||
| CVE-2024-31458 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-11-04 | 4.6 Medium |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. | ||||
| CVE-2024-31445 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-11-04 | 8.8 High |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue. | ||||
| CVE-2024-9465 | 1 Paloaltonetworks | 1 Expedition | 2025-11-04 | 9.1 Critical |
| An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. | ||||
| CVE-2025-12463 | 1 Guetebruck | 1 G-cam | 2025-11-04 | 9.8 Critical |
| An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19. | ||||
| CVE-2025-11740 | 1 Wordpress | 1 Wordpress | 2025-11-04 | 6.5 Medium |
| The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the Subscriptions Manager in all versions up to, and including, 2.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-12503 | 2025-11-04 | 6.5 Medium | ||
| EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2025-64366 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2025-11-04 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27. | ||||