CVE-2025-7385

CVE-2025-7385 affects GOV CMS with a vulnerability in the search query parameter handling that is not properly sanitized, enabling a Blind SQL injection. According to connected documents, the issue impacts GOV CMS versions prior to 4.0; versions 4.0 and above are not affected. The vulnerability c...

VulnCheck KEV: CVE-2025-32969

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Blind SQL Injection

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Blind SQL Injection Vulnerability Details CVEID:CVE-2025-0165 DESCRIPTION: IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data is vulnerable to SQL injection. A remote attacker could send specially crafted SQL...

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 3.8.15...

CVE-2025-1929

CVE-2025-1929 concerns an SQL injection in Reel Sektör Hazine ve Risk Yönetimi Yazılımı (Risk Yazılım Teknolojileri Ltd. Şti.) through version 1.0.0.4. The issue is described as improper neutralization of special elements used in an SQL command, i.e., a blind SQL injection (CAPEC-7). Connected so...

CVE-2025-1929

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 3.8.15...

CVE-2025-54678 WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through 3.8.15...

CVE-2025-49267 WordPress Frontend Admin by DynamiApps plugin <= 3.28.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.This issue affects Frontend Admin by DynamiApps: from n/a through = 3.28.3...

PT-2025-33230 · Unknown · Easy Form Builder

Name of the Vulnerable Software and Affected Versions: Easy Form Builder versions through 3.8.15 Description: The software contains an improper neutralization of special elements used in an SQL command, resulting in a blind SQL injection issue. Recommendations: Update Easy Form Builder to a versi...

PT-2025-33175 · Metagauss · Profilegrid

Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions through 5.9.5.3 Description: An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in Metagauss ProfileGrid, allowing for blind SQL injection. Recommendations...

CVE-2025-6495

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

VulnCheck KEV: CVE-2025-6495

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability

A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is due to insufficient validation of user-supplied...

CVE-2025-52830

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BSecure - Your Universal Checkout bSecure - Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure - Your Universal Checkout: from n/a through = 1.7.9...

CVE-2025-52830

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bSecure – Your Universal Checkout bSecure – Your Universal Checkout bsecure allows Blind SQL Injection.This issue affects bSecure – Your Universal Checkout: from n/a through = 1.7.9...

CVE-2025-30947

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus Cool fade popup cool-fade-popup allows Blind SQL Injection.This issue affects Cool fade popup: from n/a through = 10.1...

PT-2025-27940 · Unknown · Bsecure - Your Universal Checkout

Name of the Vulnerable Software and Affected Versions: bSecure - Your Universal Checkout versions 1.7.9 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which affects the bSecure - Your Universal Checkout software. This...

CVE-2024-12150

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects Wowwo CRM. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will ...

CVE-2024-12150 SQLi in Eron Software's Wowwo CRM

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects Wowwo CRM. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will b...