Total
12892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6926 | 1 Wow-company | 1 Viral Signup | 2024-10-07 | N/A | 9.8 CRITICAL |
| The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2024-24142 | 1 Rems | 1 School Task Manager | 2024-10-05 | N/A | 9.8 CRITICAL |
| Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | |||||
| CVE-2024-9359 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9360 | 1 Code-projects | 1 Restaurant Reservation System | 2024-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9130 | 1 Givewp | 1 Givewp | 2024-10-04 | N/A | 7.2 HIGH |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with GiveWP Manager-level access and above, to append additional SQL queries into already existing queries within the Legacy View mode, that can be used to extract sensitive information from the database. | |||||
| CVE-2024-8607 | 1 Oceanicsoft | 1 Valeapp | 2024-10-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0. | |||||
| CVE-2024-23810 | 1 Siemens | 1 Sinec Nms | 2024-10-04 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | |||||
| CVE-2024-46510 | 2024-10-04 | N/A | 7.6 HIGH | ||
| ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface | |||||
| CVE-2024-9194 | 2024-10-04 | N/A | 4.3 MEDIUM | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766. | |||||
| CVE-2024-46626 | 2024-10-04 | N/A | 8.8 HIGH | ||
| OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. | |||||
| CVE-2024-7732 | 1 Secom | 1 Dr.id Attendance System | 2024-10-03 | N/A | 9.8 CRITICAL |
| Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | |||||
| CVE-2024-29846 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29830 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29829 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29828 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.0 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29827 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29824 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
| CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-10-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||