| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional sensitive information.
This issue affects SOPlanning version 1.55 and below. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.
This issue affects Wowwo CRM.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. |
| Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection.
To remediate this issue, users should upgrade to version v3.0.1 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection.
This issue affects Guest Tracking Software.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. |
| SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.
This issue affects SOPlanning version 1.55 and below. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.
This issue affects Azora Wireless Network Management: through 20250916.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. |
| In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.
This issue affects Life4All: before 10.01.2025. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.
This issue affects Health4All: before 10.01.2025. |
| In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
| A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /patient.php. Such manipulation of the argument editid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. |
| Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding.
This issue affects MyRezzta: from s2.02.02 before v2.05.01. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.
This issue affects B2B Login Panel: before 15.01.2025. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.
This issue affects B2B Login Platform: before 16.01.2025. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection.
This issue affects Armalife: through 20250916.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote
attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the
REST interface. |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.
This issue affects fayton.Pro ERP: through 20250929. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.
This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0. |
| Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
allows an unprivileged remote attacker to use a password hash instead of an actual password to login
to a valid user account via the REST interface. |
