Explore CVEs related to SQL Injection vulnerabilities. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
The list includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and gauge exploitation likelihood.
You're viewing SQL Injection CVEs across all publication years.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-57642 | Contributor SQL Injection in Gallery <= 4.7.8 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-29 |
| CVE-2026-57636 | Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | 8.5 | 0.21% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57631 | Administrator SQL Injection in Popup box <= 6.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-57628 | Administrator SQL Injection in WP All Import <= 4.0.1 versions. | 7.6 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56070 | Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56068 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-29 |
| CVE-2026-56067 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56064 | Subscriber SQL Injection in Tourfic <= 2.22.5 versions. | 8.5 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56062 | Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56036 | Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions. | 9.3 | 0.24% | 2026-06-26 | 2026-06-26 |
| CVE-2026-56034 | Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions. | 9.3 | 0.29% | 2026-06-26 | 2026-06-29 |
| CVE-2026-54831 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54827 | Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54825 | Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-54820 | Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | 9.3 | 0.28% | 2026-06-26 | 2026-06-26 |
| CVE-2026-13226 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract se | 6.5 | 0.28% | 2026-06-25 | 2026-06-26 |
| CVE-2026-40083 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selected_items by calling cacti_unserialize(stripslashes(gnrv('selected_graphs_array'))). The cacti_unserialize() function calls unserialize() with allowed_classes set to false, which prevents object injection but still allows arbitrary string arrays to be deserialized. Th | 7.2 | 0.26% | 2026-06-25 | 2026-06-30 |
| CVE-2026-37149 | GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement. | 7.7 | 0.24% | 2026-06-25 | 2026-06-26 |
| CVE-2026-57588 | A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data. | 1.8 | 0.16% | 2026-06-25 | 2026-06-26 |
| CVE-2026-57587 | A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data. | 2.9 | 0.34% | 2026-06-25 | 2026-06-26 |