Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25521 | 2024-07-03 | N/A | 9.4 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | |||||
| CVE-2024-25520 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | |||||
| CVE-2024-25519 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | |||||
| CVE-2024-25518 | 2024-07-03 | N/A | 9.4 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | |||||
| CVE-2024-25517 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | |||||
| CVE-2024-25515 | 2024-07-03 | N/A | 7.3 HIGH | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | |||||
| CVE-2024-25514 | 2024-07-03 | N/A | 9.4 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | |||||
| CVE-2024-25513 | 2024-07-03 | N/A | 7.8 HIGH | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | |||||
| CVE-2024-25512 | 2024-07-03 | N/A | 8.1 HIGH | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | |||||
| CVE-2024-25511 | 2024-07-03 | N/A | 9.4 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | |||||
| CVE-2024-25510 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | |||||
| CVE-2024-25509 | 2024-07-03 | N/A | 9.4 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | |||||
| CVE-2024-25507 | 2024-07-03 | N/A | 9.4 CRITICAL | ||
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | |||||
| CVE-2024-22856 | 2024-07-03 | N/A | N/A | ||
| A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests. | |||||
| CVE-2024-22059 | 2024-07-03 | N/A | 8.8 HIGH | ||
| A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS. | |||||
| CVE-2024-21791 | 2024-07-03 | N/A | 4.7 MEDIUM | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability. | |||||
| CVE-2024-1100 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through 2.23.5. | |||||
| CVE-2024-0269 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271. | |||||
| CVE-2024-0253 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-07-03 | N/A | 8.8 HIGH |
| ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data. | |||||
| CVE-2023-49335 | 2024-07-03 | N/A | 8.3 HIGH | ||
| Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. | |||||