CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,510 vulnerabilities with CWE-89
CVE-2025-10970 CRITICAL
Talentics through 20022026 - SQL Injection
CVSS 9.8
CVE-2025-15560 HIGH
WorkTime < 11.8.8 - Authenticated SQL Injection via Widget API Endpoint
CVSS 8.8
CVE-2025-12707 HIGH
Library Management System Plugin 3.2.1 - SQL Injection
CVSS 7.5
CVE-2025-15585 MEDIUM
fileflows < 25.05.2 - Authenticated SQL Injection via Library-File Search Function
CVE-2025-12812 MEDIUM
Delinea Cloud Suite - SQL Injection
CVE-2025-70152 CRITICAL
Community Project Scholars Tracking System 1.0 - SQL Injection
CVSS 9.8
CVE-2025-70149 CRITICAL
CodeAstro Membership 1.0 - SQL Injection
CVSS 9.8
CVE-2025-59920 HIGH
time@work 7.0.5 - Authenticated Blind SQL Injection via IDClient Parameter
CVE-2025-8781 MEDIUM
Bookster Plugin <2.1.1 - SQL Injection
CVSS 4.9
CVE-2025-67102 HIGH
Jorani < 1.0.4 - Authenticated SQL Injection via alldayoffs Entity Parameter
CVSS 7.6
CVE-2025-70397 HIGH
jizhicms 2.5.6 - SQL Injection via Article/deleteAll and Extmolds/deleteAll data Parameter
CVSS 7.2
CVE-2025-7631 HIGH
Tumeva News Software <17022026 - SQL Injection
CVSS 8.6
CVE-2025-69633 CRITICAL
PrestaShop 1.1.26-1.2.6 - SQL Injection
CVSS 9.8
CVE-2025-70981 CRITICAL
CordysCRM 1.4.1 - SQL Injection via DepartmentIds Parameter
CVSS 9.8
CVE-2025-10969 CRITICAL
Farktor Software E-Commerce Services Inc. E-Commerce Package <2.711...
CVSS 9.8
CVE-2025-13431 MEDIUM
SlimStat Analytics <5.3.1 - SQL Injection
CVSS 6.5
CVE-2025-7636 HIGH
ZEUS PDKS <1.0.5.10-10022026 - SQL Injection
CVSS 8.8
CVE-2025-6830 CRITICAL
Xpoda Türkiye Password Module <11022026 - SQL Injection
CVSS 9.8
CVE-2025-15477 MEDIUM
Bucketlister <0.1.5 - SQL Injection
CVSS 6.5
CVE-2025-69216 MEDIUM
OpenSTAManager < 2.9.8 - Authenticated SQL Injection via Scadenzario id_anagrafica Parameter
CVSS 6.5
CVE-2025-69214 HIGH
OpenSTAManager < 2.9.8 - Authenticated SQL Injection via ajax_select.php Componenti Operation
CVSS 8.8
CVE-2025-15325 MEDIUM
Tanium Discover < 4.10.90 - SQL Injection
CVSS 6.3
CVE-2025-13379 HIGH
IBM Aspera Console 3.4.0-3.4.8 - SQL Injection
CVSS 8.6
CVE-2025-10258 MEDIUM
Infinera DNA < r24.2 - Time-Based SQL Injection
CVSS 6.3
CVE-2025-13192 HIGH
Popup builder with Gamification - SQL Injection
CVSS 8.2