8260 matches found
CVE-2025-8715
Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...
CVE-2025-54707
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection.This issue affects MDTF: from n/a through = 1.3.3.7...
CVE-2025-52820
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in infosoftplugin WooCommerce Point Of Sale POS woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale POS: from n/a through = 1.4...
CVE-2025-52720
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through = 7.5...
CVE-2025-49267
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.28.3...
CVE-2025-49033
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through = 5.9.5.3...
CVE-2025-54707
CVE-2025-54707 : SQL Injection in RealMag777 MDTF (MDTF WordPress plugin). Affected: RealMag777 MDTF up to version 1.3.3.7. Root cause: improper neutralization of special elements in SQL commands. Impact (per sources): potential SQL injection with high risk (CVSS v3.1/CRITICAL, network attack sur...
CVE-2025-39510
CVE-2025-39510 affects the WordPress plugin “Pinterest Automatic Pin” (ValvePress). The issue is an SQL Injection due to improper neutralization of inputs in the plugin prior to version 4.19.0. Affected versions are those before 4.19.0 (reported as
CVE-2025-39510 WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through 4.19.0...
CVE-2025-49059 WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through = 1.5.20...
CVE-2025-49267 WordPress Frontend Admin by DynamiApps <= 3.28.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3...
CVE-2025-52720
CVE-2025-52720 affects WordPress plugins: Super Store Finder (versions =7.5) to mitigate.
CVE-2025-52820 WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in infosoftplugin WooCommerce Point Of Sale POS woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale POS: from n/a through = 1.4...
CVE-2025-52823 WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through = 1.16.8...
CVE-2025-8957 Campcodes Online Flight Booking Management System flights.php sql injection
A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departureairportid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2025-8952
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...
CVE-2025-8953
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /checkavailability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched remotely. The exploit ha...
CVE-2025-8952
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...
CVE-2025-8954 PHPGurukul Hospital Management System doctor-specilization.php sql injection
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-8954
CVE-2025-8954 affects PHPGurukul Hospital Management System 4.0 in the /admin/doctor-specilization.php file, where the doctorspecilization parameter is susceptible to SQL injection. The vulnerability can be exploited remotely and an exploit has been publicly disclosed. Multiple connected sources ...