CVE List by Type: SQL Injection (filtered by publication year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by publication year. By default this list shows the most recently disclosed entries first and supports further filtering by CVSS and EPSS risk scores.

Covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and the likelihood of exploitation.

Currently showing CVEs of type SQL Injection published in 2026. View the full CVE list.

Showing 1202190 results
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-4321 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported. | 9.8 | | 2026-07-03 | 2026-07-03 |
| CVE-2026-12920 | The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive | 4.9 | | 2026-07-02 | 2026-07-02 |
| CVE-2024-58352 | Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input sanitization in the string-concatenated filter expression passed to the Hibernate findList() call to extract sensitive data such as administrator password hashes and, with sufficient database privileges, perform | 8.7 | 0.56% | 2026-07-02 | 2026-07-02 |
| CVE-2026-9272 | In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification. | 8.7 | 0.23% | 2026-07-02 | 2026-07-03 |
| CVE-2026-56841 | A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device. | 8.8 | 0.24% | 2026-07-02 | 2026-07-02 |
| CVE-2026-54404 | A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | 8.8 | 0.24% | 2026-07-02 | 2026-07-03 |
| CVE-2026-50747 | A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device. | 9.9 | 0.24% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57765 | Contributor SQL Injection in WP EasyCart <= 5.9.0 versions. | 8.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57756 | Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions. | 8.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57752 | Contributor SQL Injection in iNET Webkit 1.2.4 versions. | 8.5 | 0.29% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57687 | Contributor SQL Injection in Custom Field Template <= 2.7.8 versions. | 8.5 | 0.22% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57683 | Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2026-57679 | Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions. | 9.3 | 0.25% | 2026-07-02 | 2026-07-02 |
| CVE-2025-69094 | Subscriber SQL Injection in Unicamp <= 2.2.2 versions. | 8.5 | 0.28% | 2026-07-02 | 2026-07-02 |
| CVE-2026-8441 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $_POST['notinstring'] and passed through sanitize_text_field() — which strips HTML and whitespace but does not provide SQL safety. The value is then concatenated directly into a numeric/unquoted `AND id NOT IN (...)` clause and executed via $wpdb->get_results() without $wpdb->prepare | 7.5 | 0.37% | 2026-07-02 | 2026-07-02 |
| CVE-2026-14029 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitiv | 6.5 | 0.44% | 2026-07-02 | 2026-07-02 |
| CVE-2026-13357 | The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepare_items() method of the Houzez_Property_Feed_Admin_Logs_Export_Table (and Houzez_Property_Feed_Admin_Logs_Import_Table) class. The user-controlled $_GET['orderby'] and $_GET['order'] values are filtered only with san | 4.9 | 0.29% | 2026-07-02 | 2026-07-02 |
| CVE-2026-52186 | SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component. | 9.8 | 0.53% | 2026-07-01 | 2026-07-02 |
| CVE-2026-14363 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4. | 6.9 | 0.26% | 2026-07-01 | 2026-07-02 |
| CVE-2026-58521 | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows SQL Injection. This issue affects Mediawiki - Cargo Extension: from * before 1.43.9,1.44.6,1.45.4. | 6.9 | 0.25% | 2026-07-01 | 2026-07-01 |
cvelogic Threat Intelligence