CVE List by Type: SQL Injection

Explore CVEs related to SQL Injection vulnerabilities. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs across all publication years.

Showing 6180 of 19626 results

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57642 | Contributor SQL Injection in Gallery <= 4.7.8 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57636 | Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57631 | Administrator SQL Injection in Popup box <= 6.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57628 | Administrator SQL Injection in WP All Import <= 4.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56070 | Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56068 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-29 |
| CVE-2026-56067 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56064 | Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | 8.5 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56062 | Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56036 | Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56034 | Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions. | 9.3 | 0.29% | 2026-06-26 | 2026-06-29 |
| CVE-2026-54831 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54827 | Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54825 | Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54820 | Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-13226 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract se | 6.5 | 0.28% | 2026-06-25 | 2026-06-26 |
| CVE-2026-40083 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Th | 7.2 | 0.26% | 2026-06-25 | 2026-06-30 |
| CVE-2026-37149 | GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement. | 7.7 | 0.24% | 2026-06-25 | 2026-06-26 |
| CVE-2026-57588 | A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data. | 1.8 | 0.16% | 2026-06-25 | 2026-06-26 |
| CVE-2026-57587 | A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data. | 2.9 | 0.34% | 2026-06-25 | 2026-06-26 |
cvelogic Threat Intelligence