Export limit exceeded: 18189 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18189 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38347 | 2 Codeprojects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-11-21 | 8.8 High |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. | ||||
| CVE-2024-38289 | 2 R-hub, Rhubcom | 2 Turbomeeting, Turbomeeting | 2024-11-21 | 9.8 Critical |
| A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input. | ||||
| CVE-2024-37873 | 2 Itsourcecode, Payroll Management System Project | 2 Payroll Management System Project In Php With Source Code, Payroll Management System | 2024-11-21 | 9.1 Critical |
| SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-37849 | 1 Itsourcecode | 1 Billing System | 2024-11-21 | 9.8 Critical |
| A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | ||||
| CVE-2024-37843 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 7.5 High |
| Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | ||||
| CVE-2024-37831 | 1 Itsourcecode | 1 Payroll Management System | 2024-11-21 | 9.1 Critical |
| Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | ||||
| CVE-2024-37802 | 2 Codeprojects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-11-21 | 9.4 Critical |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | ||||
| CVE-2024-37791 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | 6 Medium |
| DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id. | ||||
| CVE-2024-37699 | 1 Softnews Media Group | 1 Datalife Engine | 2024-11-21 | 9.8 Critical |
| An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. | ||||
| CVE-2024-37564 | 2024-11-21 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7. | ||||
| CVE-2024-37494 | 1 Kainelabs | 1 Youzify | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify.This issue affects Youzify: from n/a through 1.2.5. | ||||
| CVE-2024-37486 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5. | ||||
| CVE-2024-37393 | 1 Securenvoy | 2 Mfa, Multi-factor Authentication Solutions | 2024-11-21 | 9.8 Critical |
| Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | ||||
| CVE-2024-37256 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1. | ||||
| CVE-2024-37252 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25. | ||||
| CVE-2024-37225 | 1 Zoho | 1 Marketing Automation | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7. | ||||
| CVE-2024-37112 | 1 Wishlist Member | 1 Wishlist Member | 2024-11-21 | 10 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
| CVE-2024-37090 | 1 Stylemixthemes | 2 Consulting Elementor Widgets, Masterstudy Elementor Widgets | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
| CVE-2024-36840 | 2024-11-21 | 9.1 Critical | ||
| SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | ||||
| CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 5.4 Medium |
| SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | ||||