Total
15270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39587 | 2025-04-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.65. | |||||
| CVE-2025-32573 | 2025-04-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiotviet KiotViet Sync allows SQL Injection. This issue affects KiotViet Sync: from n/a through 1.8.3. | |||||
| CVE-2025-32626 | 2025-04-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager allows SQL Injection. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
| CVE-2025-32636 | 2025-04-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in matthewrubin Local Magic allows SQL Injection. This issue affects Local Magic: from n/a through 2.6.0. | |||||
| CVE-2025-39595 | 2025-04-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP allows SQL Injection. This issue affects Quentn WP: from n/a through 1.2.8. | |||||
| CVE-2025-32665 | 2025-04-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0. | |||||
| CVE-2025-39569 | 2025-04-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1. | |||||
| CVE-2025-39586 | 2025-04-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.4.8. | |||||
| CVE-2022-42535 | 1 Google | 1 Android | 2025-04-17 | N/A | 5.5 MEDIUM |
| In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183 | |||||
| CVE-2024-48238 | 1 Wtcms Project | 1 Wtcms | 2025-04-17 | N/A | 4.7 MEDIUM |
| WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. | |||||
| CVE-2024-25517 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | |||||
| CVE-2024-25518 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | |||||
| CVE-2024-25519 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | |||||
| CVE-2024-25520 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | |||||
| CVE-2024-25521 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | |||||
| CVE-2024-25522 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | |||||
| CVE-2024-25523 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | |||||
| CVE-2024-25524 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | |||||
| CVE-2024-25525 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | |||||
| CVE-2024-25526 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 8.1 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | |||||