Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27298 | | | 2024-03-01 | N/A | 10.0 CRITICAL |
| parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20. | |||||
| CVE-2024-22196 | 1 Nginxui | 1 Nginx Ui | 2024-02-29 | N/A | 6.5 MEDIUM |
| Nginx-UI provides online statistics for server indicators, monitoring CPU usage, memory usage, load average, and disk usage in real time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameters are user-controlled and are appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9. | |||||
| CVE-2023-7081 | | | 2024-02-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | |||||
| CVE-2023-6145 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2024-02-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. | |||||
| CVE-2024-25910 | | | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | |||||
| CVE-2024-25902 | | | 2024-02-28 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner. This issue affects Malware Scanner: from n/a through 4.7.2. | |||||
| CVE-2024-24868 | | | 2024-02-28 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69. | |||||
| CVE-2024-25927 | | | 2024-02-28 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0. | |||||
| CVE-2024-22923 | 1 Advradius | 1 Adv Radius | 2024-02-27 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | |||||
| CVE-2022-43842 | | | 2024-02-23 | N/A | 8.6 HIGH |
| IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079. | |||||
| CVE-2024-25928 | | | 2024-02-23 | N/A | 7.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact. This issue affects Sitepact: from n/a through 1.0.5. | |||||
| CVE-2024-24495 | 1 Remyandrade | 1 Daily Habit Tracker | 2024-02-22 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via a crafted GET request. | |||||
| CVE-2024-25302 | 1 Remyandrade | 1 Event Student Attendance System | 2024-02-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter. | |||||
| CVE-2021-3860 | 1 Jfrog | 1 Artifactory | 2024-02-19 | 6.5 MEDIUM | 8.8 HIGH |
| JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. | |||||
| CVE-2024-25220 | 1 Task Manager In Php With Source Code Project | 1 Task Manager In Php With Source Code | 2024-02-16 | N/A | 9.8 CRITICAL |
| Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | |||||
| CVE-2024-25222 | 1 Task Manager In Php With Source Code Project | 1 Task Manager In Php With Source Code | 2024-02-16 | N/A | 9.8 CRITICAL |
| Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | |||||
| CVE-2023-39417 | 3 Debian, Postgresql, Redhat | 4 Debian Linux, Postgresql, Enterprise Linux and 1 more | 2024-02-16 | N/A | 8.8 HIGH |
| A SQL injection vulnerability was found in PostgreSQL when an extension script uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | |||||
| CVE-2024-22221 | 1 Dell | 1 Unity Operating Environment | 2024-02-16 | N/A | 6.5 MEDIUM |
| Dell Unity, versions prior to 5.4, contains a SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information. | |||||
| CVE-2023-5155 | | | 2024-02-15 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | |||||
| CVE-2024-24308 | 1 Boostmyshop | 1 Boostmyshop | 2024-02-15 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | |||||
