Total: 11922 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29824 | | | 2024-07-03 | N/A | 9.6 CRITICAL |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | | | | | |
CVE-2024-29823 | | | 2024-07-03 | N/A | 9.6 CRITICAL |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | | | | | |
CVE-2024-29822 | | | 2024-07-03 | N/A | 9.6 CRITICAL |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | | | | | |
CVE-2024-29320 | | | 2024-07-03 | N/A | 8.1 HIGH |
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. | | | | | |
CVE-2024-29169 | | | 2024-07-03 | N/A | 5.4 MEDIUM |
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | | | | | |
CVE-2024-28556 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. | | | | | |
CVE-2024-28322 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request. | | | | | |
CVE-2024-28294 | | | 2024-07-03 | N/A | 6.5 MEDIUM |
Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter. | | | | | |
CVE-2024-28279 | | | 2024-07-03 | N/A | 7.3 HIGH |
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=. | | | | | |
CVE-2024-27574 | | | 2024-07-03 | N/A | 9.1 CRITICAL |
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. | | | | | |
CVE-2024-25533 | | | 2024-07-03 | N/A | 9.4 CRITICAL |
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | | | | | |
CVE-2024-25532 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | | | | | |
CVE-2024-25531 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | | | | | |
CVE-2024-25530 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | | | | | |
CVE-2024-25528 | | | 2024-07-03 | N/A | 5.9 MEDIUM |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | | | | | |
CVE-2024-25526 | | | 2024-07-03 | N/A | 8.1 HIGH |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | | | | | |
CVE-2024-25525 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | | | | | |
CVE-2024-25524 | | | 2024-07-03 | N/A | 9.4 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | | | | | |
CVE-2024-25523 | | | 2024-07-03 | N/A | 9.8 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | | | | | |
CVE-2024-25522 | | | 2024-07-03 | N/A | 9.4 CRITICAL |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | | | | | |