
6592 matches found

NVD
added 2025/10/22 10:15 p.m., 11 views

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

CVSS 7.2 | EPSS 0.00045
Exploits: 1 | References: 2

OSV
added 2025/10/22 8:7 p.m., 3 views

MGASA-2025-0243 Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

CVSS 9.8 | AI score 7.5 | EPSS 0.00019
Exploits: 0 | References: 3

EUVD
added 2025/10/22 3:31 p.m., 4 views

EUVD-2025-35541

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection. This issue affects SMS Alert Order Notifications: from n/a through = 3.8.5...

AI score 7.1 | EPSS 0.00071
Exploits: 0 | References: 2

EUVD
added 2025/10/22 3:31 p.m., 3 views

EUVD-2025-35568

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection. This issue affects AnyComment: from n/a through = 0.3.6...

CVSS 6.5 | AI score 7.1 | EPSS 0.00037
Exploits: 0 | References: 2

CVE
added 2025/10/22 2:32 p.m., 14 views

CVE-2025-62015

CVE-2025-62015 is a SQL Injection in WordPress plugin Advanced Coupons for WooCommerce Coupons (free version), affecting versions up to and including 4.6.8 due to improper neutralization of SQL, with multiple sources confirming and a patch released (updated to 4.6.8+). Mitigation: update to the p...

CVSS 7.6 | AI score 7.3 | EPSS 0.00034
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m., 6 views

CVE-2025-59557

CVE-2025-59557 concerns a SQL injection in the WordPress plugin Learts Addons (versions prior to 1.7.5). The root cause is improper neutralization of special elements used in SQL commands in the learts-addons component, enabling potential SQL injection attacks. Affected product: WordPress plugin ...

CVSS 9.3 | AI score 7.2 | EPSS 0.00037
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:32 p.m., 4 views

CVE-2025-49931 WordPress JetSearch plugin <= 3.5.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a through = 3.5.10...

CVSS 9.3 | AI score 5.6 | EPSS 0.00034
Exploits: 0 | References: 1

CVE
added 2025/10/22 2:32 p.m., 11 views

CVE-2025-49915

The CVE-2025-49915 entry describes an SQL Injection vulnerability in the Cozy Vision SMS Alert Order Notifications (WordPress SMS Alert Order Notifications) plugin for WordPress. Affected component: the sms-alert functionality within the plugin, with versions up to and including 3.8.5. Root cause...

CVSS 9.3 | AI score 7.3 | EPSS 0.00071
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/22 2:26 p.m., 11 views

CVE-2025-57870 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.

A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can...

CVSS 10 | AI score 8 | EPSS 0.00161
Exploits: 0 | References: 1

CNVD
added 2025/10/22 12:0 a.m., 4 views

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus has a SQL injection vulnerability that is due to insufficient input validation. An attacker can...

CVSS 8.8 | AI score 8.2 | EPSS 0.03096
Exploits: 0 | References: 1

CNNVD
added 2025/10/22 12:0 a.m., 2 views

Esri ArcGIS Server SQL Injection Vulnerability

Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. An SQL injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4, and 11.5 that originates from unauthenticated input for a specific ArcGIS element service...

CVSS 10 | AI score 7.8 | EPSS 0.00161
Exploits: 0 | References: 2

CNNVD
added 2025/10/22 12:0 a.m., 2 views

WordPress Plugin AnyComment Security Vulnerability

WordPress AnyComment plugin is a WordPress comment plugin based on React development, focusing on simplicity and speed. It provides basic commenting functionality and supports seamless migration from other plugins e.g. Jetpack, wpDiscuz, etc. and can be supported through GitHub or VK community...

CVSS 8.5 | AI score 8.2 | EPSS 0.00037
Exploits: 0 | References: 1

CNNVD
added 2025/10/22 12:0 a.m., 4 views

WordPress plugin Advanced Coupons for WooCommerce Coupons SQL Injection Vulnerability

WordPress Advanced Coupons for WooCommerce Coupons plugin is a free plugin designed for WooCommerce to enhance e-commerce marketing by extending coupon functionality. WordPress Advanced Coupons for WooCommerce Coupons plugin suffers from a SQL injection vulnerability that stems from the...

CVSS 7.6 | AI score 8.2 | EPSS 0.00034
Exploits: 0 | References: 1

CNNVD
added 2025/10/22 12:0 a.m., 3 views

WordPress plugin JetSearch SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...

CVSS 9.3 | AI score 7.8 | EPSS 0.00034
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/22 12:0 a.m., 2 views

PT-2025-43154

Name of the Vulnerable Software and Affected Versions: Alexander AnyComment versions through 0.3.6. Description: A flaw exists in Alexander AnyComment that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. This could allow an attacker t...

CVSS 8.5 | AI score 7 | EPSS 0.00037
Exploits: 0 | References: 4

OSV
added 2025/10/21 8:20 p.m., 1 views

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 5.5 | AI score 5.6
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/21 11:43 a.m., 2 views

CVE-2025-9428 SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...

CVSS 8.3 | AI score 7.5 | EPSS 0.03096
Exploits: 0 | References: 1

CVE
added 2025/10/21 7:46 a.m., 12 views

CVE-2025-26392

SolarWinds Observability Self-Hosted is affected by CVE-2025-26392: an SQL injection vulnerability that can disclose sensitive data when authenticated from a low-privilege account. The issue affects the product as described in multiple sources (NVD, Red Hat/CIRCL/CVE lists and related advisories)...

CVSS 5.4 | AI score 7.7 | EPSS 0.00032
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2025/10/21 12:0 a.m., 1 views

WordPress TARIFFUXX plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...

CVSS 6.5 | AI score 8.3 | EPSS 0.00034
Exploits: 0 | References: 1

EUVD
added 2025/10/20 9:30 p.m., 4 views

EUVD-2025-35101

There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...

CVSS 6.5 | AI score 7.4 | EPSS 0.00028
Exploits: 1 | References: 3