Export limit exceeded: 18232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18232 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12935 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-17 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46374 | 2 Best House Rental Management System, Mayurik | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
| Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | ||||
| CVE-2024-25507 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-16 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | ||||
| CVE-2024-25508 | 2 Guangzhou Luhua Information Technology, Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-16 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | ||||
| CVE-2024-25512 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | 8.1 High |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | ||||
| CVE-2024-25509 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | ||||
| CVE-2024-25510 | 2 Guangzhou Luhua Information Technology, Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-16 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | ||||
| CVE-2024-25511 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-16 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | ||||
| CVE-2024-25513 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | 7.8 High |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | ||||
| CVE-2024-25514 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | ||||
| CVE-2024-25515 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | 7.3 High |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | ||||
| CVE-2024-33444 | 1 Onethink | 1 Onethink | 2025-04-16 | 9.8 Critical |
| SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. | ||||
| CVE-2024-2587 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-16 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2024-2588 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-16 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2022-1358 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 5.9 Medium |
| The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | ||||
| CVE-2022-1361 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 7.4 High |
| The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. | ||||
| CVE-2022-2136 | 1 Advantech | 1 Iview | 2025-04-16 | 8.8 High |
| The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | ||||
| CVE-2022-2142 | 1 Advantech | 1 Iview | 2025-04-16 | 8.1 High |
| The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | ||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||