6592 matches found
CVE-2025-8052 HQL Injection vulnerability has been discovered in Opentext Flipper.
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...
CVE-2025-47902
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection. This issue affects Time Provider 4100: before 2.5...
CVE-2025-47902 SQL Injection in web resource
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection. This issue affects Time Provider 4100: before 2.5...
CVE-2025-11944 givanz Vvveb Raw SQL import.php import sql injection
A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...
CVE-2025-11691
The CVE-2025-11691 entry concerns the PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin. A SQL Injection exists in PPOM_Meta::get_fields_by_id() for all versions up to 33.0.15 due to insufficient escaping of user input and inadequate query preparation. The vulnerability is ex...
CVE-2025-62422 DataEase SQL injection vulnerability
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
CVE-2025-41018
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
CVE-2025-41019
SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...
Centreon Web SQL Injection Vulnerability (CNVD-2025-24418)
Centreon Web is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. A security vulnerability exists in Centreon Web, which originates from an SQL injection on the Meta...
EUVD-2025-34799
SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter...
CVE-2025-56700
Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low-level privileged user who has access to the platform to execute arbitrary SQL commands via the datafine parameter...
CVE-2025-10045
The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
EUVD-2025-34736
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
Ultimate PHP Board Security Vulnerability
Ultimate PHP Board is open source message board software from PHP Outburst. A security vulnerability exists in Ultimate PHP Board version 2.2.7, which stems from an unvalidated username field in lostpassword.php and could lead to a SQL injection attack...
EUVD-2025-34548
The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Courier Management System add-courier.php File SQL Injection Vulnerability
Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...
Online Job Search Engine registration.php File SQL Injection Vulnerability
Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtusername in the file /registration.php. An attacker can exploit this...