CWE-89 · SQL Injection

19637 CVEs classified under CWE-89 (SQL Injection). Browse by severity and year.

Top CVEs for CWE-89
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-54350 | Critical | 10.0 | 2026-06-26 | Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing M… |
| CVE-2025-10878 | Critical | 10.0 | 2026-02-03 | A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are v… |
| CVE-2025-57792 | Critical | 10.0 | 2026-01-28 | Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. A… |
| CVE-2025-52694 | Critical | 10.0 | 2026-01-12 | Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable s… |
| CVE-2025-65091 | Critical | 10.0 | 2026-01-10 | XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (i… |
| CVE-2024-57521 | Critical | 10.0 | 2025-12-23 | SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. |
| CVE-2025-63531 | Critical | 10.0 | 2025-12-01 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize… |
| CVE-2025-63689 | Critical | 10.0 | 2025-11-07 | Multiple SQL injection vulnerabilities in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacke… |
| CVE-2025-57870 | Critical | 10.0 | 2025-10-22 | A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, u… |
| CVE-2025-50567 | Critical | 10.0 | 2025-08-19 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modif… |
| CVE-2025-54119 | Critical | 10.0 | 2025-08-05 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping… |
| CVE-2025-4285 | Critical | 10.0 | 2025-07-22 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Inje… |
| CVE-2025-46337 | Critical | 10.0 | 2025-05-01 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a… |
| CVE-2025-26852 | Critical | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. |
| CVE-2025-22954 | Critical | 10.0 | 2025-03-12 | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. |
| CVE-2024-13152 | Critical | 10.0 | 2025-02-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allo… |
| CVE-2024-55971 | Critical | 10.0 | 2025-01-23 | SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on… |
| CVE-2024-54261 | Critical | 10.0 | 2024-12-13 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-… |
| CVE-2024-8529 | Critical | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-co… |
| CVE-2024-8522 | Critical | 10.0 | 2024-09-12 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/cours… |