Total
13478 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57628 | 2025-01-14 | 7.5 High | ||
| An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-42244 | 2025-01-14 | 8.8 High | ||
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php. | ||||
| CVE-2024-35278 | 2025-01-14 | 4.1 Medium | ||
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | ||||
| CVE-2024-57637 | 2025-01-14 | 7.5 High | ||
| An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57636 | 2025-01-14 | 7.5 High | ||
| An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57635 | 2025-01-14 | 7.5 High | ||
| An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57634 | 2025-01-14 | 7.5 High | ||
| An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57633 | 2025-01-14 | 7.5 High | ||
| An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2024-57632 | 2025-01-14 | 7.5 High | ||
| An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2023-37931 | 1 Fortinet | 1 Fortivoice | 2025-01-14 | 8.6 High |
| An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests | ||||
| CVE-2025-0063 | 2025-01-14 | 8.8 High | ||
| SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability. | ||||
| CVE-2025-20620 | 2025-01-14 | 7.5 High | ||
| SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page. | ||||
| CVE-2021-4336 | 1 Itrsgroup | 1 Ninja | 2025-01-13 | 5.5 Medium |
| A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084. | ||||
| CVE-2023-33734 | 1 Bluecms Project | 1 Bluecms | 2025-01-13 | 9.8 Critical |
| BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. | ||||
| CVE-2024-9134 | 2025-01-13 | 8.3 High | ||
| Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | ||||
| CVE-2024-12404 | 2025-01-13 | 7.5 High | ||
| The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-0103 | 2025-01-13 | N/A | ||
| An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | ||||
| CVE-2025-0405 | 2025-01-13 | 6.3 Medium | ||
| A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0410 | 2025-01-13 | 6.3 Medium | ||
| A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0409 | 2025-01-13 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||