Total
19307 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25523 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | |||||
| CVE-2024-25522 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | |||||
| CVE-2024-25521 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | |||||
| CVE-2024-25520 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | |||||
| CVE-2024-25519 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | |||||
| CVE-2024-25518 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | |||||
| CVE-2024-25517 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | |||||
| CVE-2024-25515 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 7.3 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | |||||
| CVE-2024-25514 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | |||||
| CVE-2024-25513 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 7.8 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | |||||
| CVE-2024-25512 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 8.1 HIGH |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | |||||
| CVE-2024-25511 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | |||||
| CVE-2024-25510 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | |||||
| CVE-2024-25509 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | |||||
| CVE-2024-25508 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.8 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | |||||
| CVE-2024-25507 | 1 Ruvar | 1 Ruvaroa | 2026-06-17 | N/A | 9.4 CRITICAL |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | |||||
| CVE-2024-25469 | 1 Crmeb | 1 Crmeb Java | 2026-06-17 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component. | |||||
| CVE-2024-25428 | 1 Mrcms | 1 Mrcms | 2026-06-17 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. | |||||
| CVE-2024-25422 | 1 Sem-cms | 1 Semcms | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. | |||||
| CVE-2024-25400 | 1 Intelliants | 1 Subrion | 2026-06-17 | N/A | 9.8 CRITICAL |
| Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file. | |||||