8251 matches found
CVE-2025-49931 WordPress JetSearch plugin <= 3.5.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through = 3.5.10...
CVE-2025-49915 WordPress SMS Alert Order Notifications plugin <= 3.8.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.8.5...
CVE-2025-49915
The CVE-2025-49915 entry describes an SQL Injection vulnerability in the Cozy Vision SMS Alert Order Notifications (WordPress SMS Alert Order Notifications) plugin for WordPress. Affected component: the sms-alert functionality within the plugin, with versions up to and including 3.8.5. Root cause...
CVE-2025-49378 WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through = 1.1.10...
CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can...
ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)
ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability, the vulnerability is due to insufficient input validation. An attacker can...
PT-2025-43154
Name of the Vulnerable Software and Affected Versions Alexander AnyComment versions through 0.3.6 Description A flaw exists in Alexander AnyComment that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. This could allow an attacker t...
WordPress plugin JetSearch SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...
Esri ArcGIS Server SQL注入漏洞
Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. An SQL injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4, and 11.5 that originates from unauthenticated input for a specific ArcGIS element service...
WordPress plugin Advanced Coupons for WooCommerce Coupons SQL注入漏洞
WordPress Advanced Coupons for WooCommerce Coupons plugin is a free plugin designed for WooCommerce to enhance e-commerce marketing by extending coupon functionality. WordPress Advanced Coupons for WooCommerce Coupons plugin suffers from a SQL injection vulnerability that stems from the...
WordPress Plugin AnyComment 安全漏洞
WordPress AnyComment plugin is a WordPress comment plugin based on React development, focusing on simplicity and speed. It provides basic commenting functionality and supports seamless migration from other plugins e.g. Jetpack, wpDiscuz, etc. and can be supported through GitHub or VK community...
CVE-2025-53053
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
CVE-2025-9428 SQL Injection
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...
CVE-2025-41028
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’...
CVE-2025-26392
SolarWinds Observability Self-Hosted is affected by CVE-2025-26392: an SQL injection vulnerability that can disclose sensitive data when authenticated from a low-privilege account. The issue affects the product as described in multiple sources (NVD, Red Hat/CIRCL/CVE lists and related advisories)...
DaiCuo CMS 安全漏洞
DaiCuo CMS is a PHP news article management system by DaiCuo individual developer. A security vulnerability exists in DaiCuo CMS version V1.3.13, which originates from a SQL injection vulnerability in file library hinkdbBuilder.php...
WordPress TARIFFUXX plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...
EUVD-2025-35106
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...
EUVD-2025-35101
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
CVE-2025-8052
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...