Export limit exceeded: 336559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18041 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18041 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27950 | 1 Sitasoftware | 1 Azurcms | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA. | ||||
| CVE-2021-27948 | 1 Mybb | 1 Mybb | 2024-11-21 | 7.2 High |
| SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). | ||||
| CVE-2021-27947 | 1 Mybb | 1 Mybb | 2024-11-21 | 7.2 High |
| SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). | ||||
| CVE-2021-27946 | 1 Mybb | 1 Mybb | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). | ||||
| CVE-2021-27890 | 1 Mybb | 1 Mybb | 2024-11-21 | 8.8 High |
| SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. | ||||
| CVE-2021-27828 | 1 In4velocity | 1 In4suite Erp | 2024-11-21 | 9.1 Critical |
| SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. | ||||
| CVE-2021-27672 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 4.9 Medium |
| SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component. | ||||
| CVE-2021-27644 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 8.8 High |
| In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password) | ||||
| CVE-2021-27581 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 9.8 Critical |
| The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | ||||
| CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 6.5 Medium |
| SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | ||||
| CVE-2021-27320 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 7.5 High |
| Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. | ||||
| CVE-2021-27319 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 7.5 High |
| Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. | ||||
| CVE-2021-27316 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 7.5 High |
| Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. | ||||
| CVE-2021-27315 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 7.5 High |
| Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. | ||||
| CVE-2021-27314 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 9.8 Critical |
| SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. | ||||
| CVE-2021-27234 | 1 Mutare | 1 Voice | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. | ||||
| CVE-2021-27130 | 1 Online Reviewer System Project | 1 Online Reviewer System | 2024-11-21 | 9.8 Critical |
| Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. | ||||
| CVE-2021-27124 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 6.5 Medium |
| SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. | ||||
| CVE-2021-27021 | 1 Puppet | 3 Puppet, Puppet Enterprise, Puppetdb | 2024-11-21 | 8.8 High |
| A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | ||||
| CVE-2021-26966 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.5 Medium |
| A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | ||||