| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
| Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. |
| Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. |
| Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. |
| Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. |
| Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. |
| SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. |
| Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). |
| JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. |
| A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
| A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. |
| CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus |
| CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers |
| CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser |
| CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser |