| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4. |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;. |
| SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id. |
| An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. |
| SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. |
| SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. |
| A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. |
| server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a related issue to CVE-2006-2369. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue affects Semtek Sempos: through 31072024. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows SQL Injection.This issue affects Semtek Sempos: through 31072024. |
| Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. |
| ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. |
