CVE Database

16+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

16 results for "CWE-89"

CVE-2025-53681
7.2 HIGH

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through …

May 12, 2026

CVE-2025-58692
8.8 HIGH

An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through …

Nov 18, 2025

CVE-2025-25257
9.8 CRITICAL KEV

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through …

Jul 17, 2025

CVE-2025-24474
2.7 LOW

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all …

Jul 8, 2025

CVE-2025-41233
6.8 MEDIUM

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate …

Jun 12, 2025

CVE-2025-23176
8.8 HIGH

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Apr 22, 2025

CVE-2022-29059
2.7 LOW

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 …

Mar 14, 2025

CVE-2024-33501
4.2 MEDIUM

Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, …

Mar 11, 2025

CVE-2025-26348
5.5 MEDIUM

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal …

Feb 12, 2025

CVE-2025-26346
5.5 MEDIUM

A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal …

Feb 12, 2025

CVE-2024-52969
4.1 MEDIUM

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 …

Jan 14, 2025

CVE-2024-47926
9.8 CRITICAL

Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Dec 30, 2024

CVE-2024-45249
9.8 CRITICAL

Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Oct 6, 2024

CVE-2024-41702
9.8 CRITICAL

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Jul 30, 2024

CVE-2023-23775
6.5 MEDIUM

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker …

Jun 11, 2024

CVE-2024-36393
9.9 CRITICAL

SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Jun 6, 2024