Total: 11641 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-35720 | | | 2024-06-04 | N/A |
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078. | ||||
CVE-2023-3942 | | | 2024-06-04 | 7.5 High |
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others. | ||||
CVE-2023-6173 | | | 2024-06-04 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2022-47151 | | | 2024-06-04 | 8.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-06-04 | 7.2 High |
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | ||||
CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-06-04 | 9.8 Critical |
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | ||||
CVE-2021-20451 | | | 2024-06-04 | 6.0 Medium |
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643. | ||||
CVE-2024-5590 | | | 2024-06-03 | 6.3 Medium |
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266848. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-5589 | | | 2024-06-03 | 6.3 Medium |
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/config_MT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-5523 | | | 2024-05-31 | 8.8 High |
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database. | ||||
CVE-2024-5517 | | | 2024-05-30 | 7.3 High |
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588. | ||||
CVE-2021-41365 | 1 Microsoft | 1 Defender For Iot | 2024-05-29 | 8.8 High |
Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
CVE-2021-42313 | 1 Microsoft | 1 Defender For Iot | 2024-05-29 | 10.0 Critical |
Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
CVE-2021-42311 | 1 Microsoft | 1 Defender For Iot | 2024-05-29 | 10.0 Critical |
Microsoft Defender for IoT Remote Code Execution Vulnerability | ||||
CVE-2022-34700 | 1 Microsoft | 1 Dynamics 365 | 2024-05-29 | 8.8 High |
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | ||||
CVE-2023-2567 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 6.5 Medium |
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. | ||||
CVE-2023-29245 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 7.4 High |
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data. | ||||
CVE-2023-23574 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 6.5 Medium |
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. | ||||
CVE-2023-22378 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 6.5 Medium |
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. | ||||
CVE-2022-4259 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-05-28 | 8.8 High |
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. |