Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25533 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | N/A | 9.4 CRITICAL |
|
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.
|
|||||
| CVE-2024-57635 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57636 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57637 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57638 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57639 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57640 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57641 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57642 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57643 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57644 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57645 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57646 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57647 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57648 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57649 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57650 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57651 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57652 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57653 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57656 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57657 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57658 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-42235 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
|
|||||
| CVE-2023-42236 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
|
|||||
| CVE-2023-42237 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
|
|||||
| CVE-2023-42238 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
|
|||||
| CVE-2023-42239 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
|
|||||
| CVE-2023-42240 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
|
|||||
| CVE-2023-42241 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
|
|||||
| CVE-2023-42242 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 3.8 LOW |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
|
|||||
| CVE-2023-42243 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 5.4 MEDIUM |
|
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
|
|||||
| CVE-2023-42244 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 8.8 HIGH |
|
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
|
|||||
| CVE-2024-57660 | 1 Openlinksw | 1 Virtuoso | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2022-45041 | 1 Rockoa | 1 Xinhu | 2025-04-17 | N/A | 7.5 HIGH |
|
SQL Injection exits in xinhu < 2.5.0
|
|||||
| CVE-2024-12936 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12946 | 1 1000projects | 1 Attendance Tracking Management System | 2025-04-17 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12927 | 1 1000projects | 1 Attendance Tracking Management System | 2025-04-17 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12935 | 1 Code-projects | 1 Simple Admin Panel | 2025-04-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-46374 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
|
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.
|
|||||