
470 matches found

NVD
added 2025/04/17 4:15 p.m. | 8 views

CVE-2025-39569

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through <= 4.0.1...

CVSS 8.5 | EPSS 0.00157
Exploits: 0 | References: 1
Github Security Blog
added 2025/04/07 9:30 a.m. | 14 views

Apache Airflow Common SQL Provider Vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as a parameter (which was a recommended pattern), an authenticated UI user could inject arbitrary SQL command...

CVSS 8.8 | AI score 8.5 | EPSS 0.00253
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2025/04/03 2:5 p.m. | 1 views

BIT-DOLIBARR-2022-0224 SQL Injection in dolibarr/dolibarr

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 9.8 | AI score 9.7 | EPSS 0.00515
Exploits: 1 | References: 3
NVD
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-6841

A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...

CVSS 6.5 | EPSS 0.00099
Exploits: 0 | References: 1
NVD
added 2025/03/11 2:15 p.m. | 5 views

CVE-2025-22370

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

CVSS 5.3 | EPSS 0.00207
Exploits: 0 | References: 3
CVE
added 2025/03/11 1:40 p.m. | 45 views

CVE-2025-22370

CVE-2025-22370 affects Mennekes Smart / Premium chargingpoints firmware web configuration interface. The vulnerability arises from insufficient input neutralization in multiple web config fields, allowing an attacker to execute arbitrary SQL commands. The issue is associated with firmware version...

CVSS 5.3 | AI score 8 | EPSS 0.00207
Exploits: 0 | References: 3
NVD
added 2025/03/03 2:15 p.m. | 3 views

CVE-2025-25150

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows Blind SQL Injection. This issue affects uListing: from n/a through <= 2.1.6...

CVSS 9.3 | EPSS 0.00081
Exploits: 0 | References: 1
NVD
added 2025/02/25 3:15 p.m. | 2 views

CVE-2025-26974

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection. This issue affects WP Multistore Locator: from n/a through <= 2.5.1...

CVSS 9.3 | EPSS 0.00052
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/13 11:10 p.m. | 6 views

CVE-2024-35475

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...

CVSS 6.4 | AI score 8.1 | EPSS 0.00202
Exploits: 0 | References: 4
RedhatCVE
added 2025/02/06 3:44 a.m. | 3 views

CVE-2021-26114

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 9.8 | AI score 8.3 | EPSS 0.01166
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 12:46 p.m. | 4 views

CVE-2024-43415

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...

CVSS 9 | AI score 7.3 | EPSS 0.00323
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 3:50 a.m. | 2 views

CVE-2024-27940

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database...

CVSS 8.8 | AI score 7.3 | EPSS 0.01303
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 1:12 a.m. | 1 views

CVE-2024-20536

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. This vulnerability is due to insufficient...

CVSS 8.8 | AI score 8.1 | EPSS 0.01305
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/04 11:30 p.m. | 2 views

CVE-2024-39766

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.3 | AI score 7.7 | EPSS 0.00176
Exploits: 0 | References: 1
CNVD
added 2024/12/20 12:0 a.m. | 7 views

Dell Avamar SQL Injection Vulnerability (CNVD-2024-49614)

Dell Avamar is a purpose-built backup application from Dell, Inc. It is designed to provide a conveniently sized, turnkey, affordable, deduplicated backup solution. Dell Avamar suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL...

CVSS 8.8 | AI score 7.9 | EPSS 0.00272
Exploits: 0 | References: 1
CVE
added 2024/12/06 1:6 p.m. | 45 views

CVE-2024-53807

WP Mailster (Brandtoss) CVE-2024-53807 is a SQL Injection vulnerability affecting WP Mailster versions up to 1.8.16.0. Public docs indicate an authenticated (Contributor+) SQL injection via the orderby parameter, described as Blind SQL Injection with high impact. Patch status in the CVE details i...

CVSS 9.8 | AI score 7.3 | EPSS 0.00376
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2024/12/04 7:6 p.m. | 10 views

SQL Injection

decidimawesome-module is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of special elements in SQL commands within the papertrail/version model, allowing an authenticated admin user to manipulate SQL queries to disclose information, read/write files, or execute...

CVSS 9 | AI score 7.3 | EPSS 0.00323
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2024/11/22 8:49 a.m. | 23 views

CVE-2024-7882 SQLi in Special Minds' e-Commerce

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024...

CVSS 6.5 | EPSS 0.00094
Exploits: 0 | References: 2
CVE
added 2024/11/13 9:12 p.m. | 43 views

CVE-2024-39766

Summary: CVE-2024-39766 affects Intel Neural Compressor software before version 3.0. The issue is described as improper neutralization of special elements used in an SQL command, which may allow an authenticated user to escalate privileges via local access. Impact (as stated): privilege escalatio...

CVSS 7.3 | AI score 7.5 | EPSS 0.00176
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/13 9:12 p.m. | 7 views

CVE-2024-39766

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.3 | AI score 7.8 | EPSS 0.00176
Exploits: 0 | References: 1