Total
16155 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7512 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-back.php. The manipulation of the argument contact-name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7513 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/slideupdate.php. The manipulation of the argument idSlide leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7514 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-list.php. The manipulation of the argument idStatus leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7515 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-15 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. This affects an unknown part of the file /ulocateus.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7612 | 2 Anisha, Code-projects | 2 Mobile Shop, Mobile Shop | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51652 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. | ||||
| CVE-2025-51653 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. | ||||
| CVE-2025-51654 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. | ||||
| CVE-2025-51655 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. | ||||
| CVE-2025-51656 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. | ||||
| CVE-2025-51657 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. | ||||
| CVE-2025-51658 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. | ||||
| CVE-2025-51659 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. | ||||
| CVE-2024-36263 | 1 Apache | 1 Submarine | 2025-07-15 | 8.1 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-51660 | 1 Sem-cms | 1 Semcms | 2025-07-15 | 5.4 Medium |
| SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. | ||||
| CVE-2024-53947 | 2 Apache, Apache Software Foundation | 2 Superset, Apache Superset | 2025-07-15 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS. | ||||
| CVE-2025-7467 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7469 | 1 Campcodes | 1 Sales And Inventory System | 2025-07-15 | 7.3 High |
| A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7120 | 1 Campcodes | 1 Complaint Management System | 2025-07-15 | 7.3 High |
| A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7471 | 1 Code-projects | 1 Modern Bag | 2025-07-15 | 7.3 High |
| A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login-back.php. The manipulation of the argument user-name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||