Total
15969 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-29826 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29825 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29823 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29822 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | N/A | 8.8 HIGH |
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. | |||||
CVE-2024-29174 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 4.4 MEDIUM |
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data. | |||||
CVE-2024-29168 | 1 Dell | 1 Secure Connect Gateway | 2024-11-21 | N/A | 5.4 MEDIUM |
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | |||||
CVE-2024-28996 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | N/A | 7.5 HIGH |
The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability. | |||||
CVE-2024-28891 | | | 2024-11-21 | N/A | 8.8 HIGH |
SQL injection vulnerability exists in the script Handler_CFG.ashx. | |||||
CVE-2024-28421 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php | |||||
CVE-2024-28395 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. | |||||
CVE-2024-28393 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. | |||||
CVE-2024-28392 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. | |||||
CVE-2024-28389 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method. | |||||
CVE-2024-28388 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method. | |||||
CVE-2024-28303 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php. | |||||
CVE-2024-28040 | | | 2024-11-21 | N/A | 8.8 HIGH |
SQL injection vulnerability exists in GetDIAE_astListParameters. | |||||
CVE-2024-27718 | | | 2024-11-21 | N/A | 7.8 HIGH |
SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. | |||||
CVE-2024-27709 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. | |||||
CVE-2024-27574 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. | |||||
CVE-2024-25927 | | | 2024-11-21 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0. |