CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,497 vulnerabilities with CWE-89
CVE-2026-32368
HIGH
Geo to Lat <=1.0.19 - SQL Injection
CVSS 8.5
CVE-2026-32366
HIGH
Collapsing Categories <=3.0.9 - SQL Injection
CVSS 8.5
CVE-2026-32365
HIGH
Collapsing Archives <=3.0.7 - SQL Injection
CVSS 8.5
CVE-2026-32358
HIGH
Booking Calendar <=10.14.15 - SQL Injection
CVSS 7.6
CVE-2026-32306
CRITICAL
OneUptime < 10.0.23 - Authenticated SQL Injection via Telemetry API Parameters
CVSS 9.9
CVE-2026-31922
HIGH
Ays Pro Fox LMS <= 1.0.6.3 - Blind SQL Injection
CVSS 8.5
CVE-2026-31917
HIGH
weDevs WP ERP <=1.16.10 - SQL Injection
CVSS 8.5
CVE-2026-25076
HIGH
Anchore Enterprise <5.25.1 - SQL Injection
CVSS 7.3
CVE-2026-22193
HIGH
wpDiscuz < 7.6.47 - SQL Injection in getAllSubscriptions Function
CVSS 8.1
CVE-2026-32137
HIGH
Dataease < 2.10.20 - SQL Injection via Table Parameter in Preview Data Endpoint
CVSS 8.8
CVE-2026-26794
HIGH
GL-iNet GL-AR300M16 v4.3.11 - SQL Injection
CVSS 8.8
CVE-2026-21708
CRITICAL
Veeam Backup and Replication Backup Viewer - Postgres User Remote Code Execution
CVSS 9.9
CVE-2026-4014
HIGH
Cafe Reservation System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3981
HIGH
Online Doctor Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3980
HIGH
Online Doctor Appointment System 1.0 - SQL Injection
CVSS 7.3
CVE-2026-3657
HIGH
My Sticky Bar Plugin for WordPress <=2.8.6 - SQL Injection
CVSS 7.5
CVE-2026-3969
HIGH
FeMiner wms <= 1.0 - SQL Injection via Basic Organizational Structure Module Name Parameter
CVSS 7.3
CVE-2026-3957
MEDIUM
weimai-wetapp 5fe9e82 - SQL Injection
CVSS 4.7
CVE-2026-3956
MEDIUM
weimai-wetapp up to 5fe9e82 - SQL Injection
CVSS 4.7
CVE-2026-32127
HIGH
OpenEMR < 8.0.0.1 - Authenticated SQL Injection via AJAX Graphs Library
CVSS 8.8
CVE-2026-32234
MEDIUM
Parse Server <9.6.0-alpha.10/8.6.36 - SQL Injection
CVSS 4.7
CVE-2026-31896
CRITICAL
WeGIA < 3.6.6 - Authenticated SQL Injection via remover_produto_ocultar.php
CVSS 9.8
CVE-2026-31895
HIGH
WeGIA < 3.6.6 - SQL Injection via id_produto Parameter
CVSS 8.8
CVE-2026-31877
CRITICAL
Frappe <15.84.0/14.99.0 - SQL Injection
CVSS 9.8
CVE-2026-31871
CRITICAL
Parse Server <9.6.0-alpha.5/8.6.31 - SQL Injection
CVSS 9.8
Details
Vulnerabilities: 19,497
Exploit Likelihood: High