CWE-89 · SQL Injection
19637 CVEs classified under CWE-89 (SQL Injection).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-54350 | Critical | 10.0 | 2026-06-26 | Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing M… |
| CVE-2025-10878 | Critical | 10.0 | 2026-02-03 | A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are v… |
| CVE-2025-57792 | Critical | 10.0 | 2026-01-28 | Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. A… |
| CVE-2025-52694 | Critical | 10.0 | 2026-01-12 | Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable s… |
| CVE-2025-65091 | Critical | 10.0 | 2026-01-10 | XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (i… |
| CVE-2024-57521 | Critical | 10.0 | 2025-12-23 | SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. |
| CVE-2025-63531 | Critical | 10.0 | 2025-12-01 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize… |
| CVE-2025-63689 | Critical | 10.0 | 2025-11-07 | Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allow a remote attacke… |
| CVE-2025-57870 | Critical | 10.0 | 2025-10-22 | A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, u… |
| CVE-2025-50567 | Critical | 10.0 | 2025-08-19 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modif… |
| CVE-2025-54119 | Critical | 10.0 | 2025-08-05 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping… |
| CVE-2025-4285 | Critical | 10.0 | 2025-07-22 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Inje… |
| CVE-2025-46337 | Critical | 10.0 | 2025-05-01 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a… |
| CVE-2025-26852 | Critical | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. |
| CVE-2025-22954 | Critical | 10.0 | 2025-03-12 | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. |
| CVE-2024-13152 | Critical | 10.0 | 2025-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allo… |
| CVE-2024-55971 | Critical | 10.0 | 2025-01-23 | SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on… |
| CVE-2024-54261 | Critical | 10.0 | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-… |
| CVE-2024-8529 | Critical | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-co… |
| CVE-2024-8522 | Critical | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/cours… |