Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-25507 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. |
| CVE-2024-25508 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. |
| CVE-2024-25512 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 8.1 HIGH | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. |
| CVE-2024-25509 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. |
| CVE-2024-25510 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.8 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. |
| CVE-2024-25511 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. |
| CVE-2024-25513 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 7.8 HIGH | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. |
| CVE-2024-25514 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 9.4 CRITICAL | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. |
| CVE-2024-25515 | 1 Ruvar | 1 Ruvaroa | 2025-04-16 | N/A | 7.3 HIGH | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. |
| CVE-2024-33444 | 1 Onethink | 1 Onethink | 2025-04-16 | N/A | 9.8 CRITICAL | SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. |
| CVE-2024-2587 | 1 Amss++ Project | 1 Amss++ | 2025-04-16 | N/A | 8.2 HIGH | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. |
| CVE-2024-2588 | 1 Amss++ Project | 1 Amss++ | 2025-04-16 | N/A | 8.2 HIGH | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. |
| CVE-2024-33146 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.1 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. |
| CVE-2024-33164 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. |
| CVE-2024-33161 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 5.3 MEDIUM | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. |
| CVE-2024-33155 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. |
| CVE-2024-33153 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. |
| CVE-2024-33149 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.1 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. |
| CVE-2024-33148 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 7.3 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. |
| CVE-2024-33147 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.8 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. |
| CVE-2022-1887 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-16 | N/A | 9.8 CRITICAL | The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. |
| CVE-2024-33144 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.8 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. |
| CVE-2024-33139 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 7.5 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. |
| CVE-2024-35091 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. |
| CVE-2024-35090 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.2 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. |
| CVE-2024-35086 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml. |
| CVE-2024-35085 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 5.4 MEDIUM | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. |
| CVE-2024-35084 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. |
| CVE-2024-35083 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.8 HIGH | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. |
| CVE-2024-35082 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 6.3 MEDIUM | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. |
| CVE-2021-40617 | 1 Os4ed | 1 Opensis | 2025-04-16 | 7.5 HIGH | 9.8 CRITICAL | An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. |
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2025-04-16 | 6.5 MEDIUM | 8.8 HIGH | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. |
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2025-04-16 | 7.5 HIGH | 9.8 CRITICAL | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. |
| CVE-2024-40443 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 4.3 MEDIUM | SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php. |
| CVE-2023-33362 | 1 Piwigo | 1 Piwigo | 2025-04-16 | N/A | 9.8 CRITICAL | Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. |
| CVE-2025-39566 | | | 2025-04-16 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through 1.1.5.6. |
| CVE-2025-26908 | | | 2025-04-16 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör allows SQL Injection. This issue affects Kargo Entegratör: from n/a through 1.1.14. |
| CVE-2025-39518 | | | 2025-04-16 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2. |
| CVE-2025-1981 | | | 2025-04-16 | N/A | N/A | Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks. |
| CVE-2025-22693 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-15 | N/A | 7.6 HIGH | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0. |