Total
16073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8744 | 1 Cesiumlab | 1 Web | 2025-08-12 | 7.3 High |
| A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50341 | 1 Axelor | 1 Axelor | 2025-08-12 | 9.8 Critical |
| A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation. | ||||
| CVE-2025-8701 | 1 Wanzhou | 1 Woes Intelligent Optimization Energy Saving System | 2025-08-12 | 6.3 Medium |
| A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_OprationLog/GetPageList. The manipulation of the argument optUser leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8705 | 1 Wanzhou | 1 Woes Intelligent Optimization Energy Saving System | 2025-08-12 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BP_ProID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8704 | 1 Wanzhou | 1 Woes Intelligent Optimization Energy Saving System | 2025-08-12 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulation of the argument resultId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8702 | 1 Wanzhou | 1 Woes Intelligent Optimization Energy Saving System | 2025-08-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8706 | 1 Wanzhou | 1 Woes Intelligent Optimization Energy Saving System | 2025-08-12 | 6.3 Medium |
| A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8703 | 1 Wanzhou | 1 Woes Intelligent Optimization Energy Saving System | 2025-08-12 | 6.3 Medium |
| A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energyId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50928 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-08-12 | 4.8 Medium |
| Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function. | ||||
| CVE-2023-41530 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | ||||
| CVE-2023-41525 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | ||||
| CVE-2023-41526 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. | ||||
| CVE-2023-41531 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 8.8 High |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. | ||||
| CVE-2023-41528 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. | ||||
| CVE-2025-54396 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 5.4 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. | ||||
| CVE-2025-50468 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 6.5 Medium |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query. | ||||
| CVE-2025-50465 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 7.1 High |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query. | ||||
| CVE-2025-50467 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 6.5 Medium |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query. | ||||
| CVE-2025-50466 | 1 Open-metadata | 1 Openmetadata | 2025-08-12 | 7.1 High |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query. | ||||
| CVE-2023-41532 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 8.8 High |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. | ||||