Total
11922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33402 | | | 2024-07-03 | N/A | 8.1 HIGH |
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2024-33332 | | | 2024-07-03 | N/A | N/A |
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via a crafted GET request to api/blade-system/tenant. | |||||
CVE-2024-33292 | | | 2024-07-03 | N/A | 8.2 HIGH |
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | |||||
CVE-2024-33276 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method. | |||||
CVE-2024-33275 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. | |||||
CVE-2024-33269 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method. | |||||
CVE-2024-33267 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. | |||||
CVE-2024-33161 | | | 2024-07-03 | N/A | 5.3 MEDIUM |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | |||||
CVE-2024-33155 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | |||||
CVE-2024-33153 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | |||||
CVE-2024-33149 | | | 2024-07-03 | N/A | 8.1 HIGH |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | |||||
CVE-2024-33144 | | | 2024-07-03 | N/A | 8.8 HIGH |
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | |||||
CVE-2024-33124 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. | |||||
CVE-2024-33121 | | | 2024-07-03 | N/A | N/A |
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | |||||
CVE-2024-32738 | | | 2024-07-03 | N/A | 7.5 HIGH |
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper. | |||||
CVE-2024-32737 | | | 2024-07-03 | N/A | 7.5 HIGH |
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper. | |||||
CVE-2024-32493 | | | 2024-07-03 | N/A | 8.8 HIGH |
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. | |||||
CVE-2024-32369 | | | 2024-07-03 | N/A | 4.3 MEDIUM |
SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component. | |||||
CVE-2024-32212 | | | 2024-07-03 | N/A | 8.1 HIGH |
SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components. | |||||
CVE-2024-31961 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. | |||||