Total
15478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33153 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | |||||
| CVE-2024-33149 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.1 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | |||||
| CVE-2024-33148 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 7.3 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | |||||
| CVE-2024-33147 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.8 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | |||||
| CVE-2022-1887 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-16 | N/A | 9.8 CRITICAL |
| The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | |||||
| CVE-2024-33144 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.8 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | |||||
| CVE-2024-33139 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 7.5 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | |||||
| CVE-2024-35091 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. | |||||
| CVE-2024-35090 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.2 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. | |||||
| CVE-2024-35086 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . | |||||
| CVE-2024-35085 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 5.4 MEDIUM |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml. | |||||
| CVE-2024-35084 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 9.8 CRITICAL |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. | |||||
| CVE-2024-35083 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 8.8 HIGH |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. | |||||
| CVE-2024-35082 | 1 J2eefast | 1 J2eefast | 2025-04-16 | N/A | 6.3 MEDIUM |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml. | |||||
| CVE-2021-40617 | 1 Os4ed | 1 Opensis | 2025-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php. | |||||
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2025-04-16 | 6.5 MEDIUM | 8.8 HIGH |
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | |||||
| CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2025-04-16 | 7.5 HIGH | 9.8 CRITICAL |
| phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used. | |||||
| CVE-2024-40443 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 4.3 MEDIUM |
| SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php | |||||
| CVE-2023-33362 | 1 Piwigo | 1 Piwigo | 2025-04-16 | N/A | 9.8 CRITICAL |
| Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. | |||||
| CVE-2025-26908 | 2025-04-16 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör allows SQL Injection. This issue affects Kargo Entegratör: from n/a through 1.1.14. | |||||