Search Results (19656 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-12197 2 Stellarwp, Wordpress 2 The Events Calendar, Wordpress 2026-04-15 7.5 High
The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-69308 2 Teconcetheme, Wordpress 2 Nestbyte Core, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte Core: from n/a through <= 1.2.
CVE-2025-69305 2 Teconcetheme, Wordpress 2 Crete Core, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from n/a through <= 1.4.3.
CVE-2025-69304 2 Teconcetheme, Wordpress 2 Allmart, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a through <= 1.1.
CVE-2025-23176 1 Tecnick 1 Tcexam 2026-04-15 8.8 High
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-45065 2026-04-15 9.8 Critical
employee record management system in php and mysql v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.
CVE-2025-69307 2 Teconcetheme, Wordpress 2 Medinik Core, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through <= 1.3.6.
CVE-2025-8264 1 Z-push 1 Z-push-dev 2026-04-15 9 Critical
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database. **Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured. Mitigation Change configuration to use the default or LDAP in backend/imap/config.php php define('IMAP_DEFAULTFROM', ''); or php define('IMAP_DEFAULTFROM', 'ldap');
CVE-2025-69306 2 Teconcetheme, Wordpress 2 Electio Core, Wordpress 2026-04-15 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through <= 1.4.
CVE-2024-27709 1 Eskooly 1 Web Product 2026-04-15 9.8 Critical
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.
CVE-2024-44541 1 Evilnapsis 1 Inventio-lite 2026-04-15 9.8 Critical
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."
CVE-2024-13507 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-33787 2026-04-15 8.2 High
Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.
CVE-2024-13809 2026-04-15 6.5 Medium
The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-27718 1 Byzronetwork 1 Management Platform 2026-04-15 7.8 High
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.
CVE-2024-48465 1 Mrbs 1 Mrbs 2026-04-15 9.8 Critical
The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter
CVE-2024-29732 2026-04-15 9.8 Critical
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.
CVE-2017-20195 2026-04-15 5.5 Medium
A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The manipulation of the argument phone leads to sql injection. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 264813c546dba03989ac0fc365f2022bf65e3be2. It is recommended to apply a patch to fix this issue.
CVE-2024-4423 2026-04-15 7.2 High
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
CVE-2024-42844 2026-04-15 8.1 High
A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanitized user input fields to obtain unauthorized information