8268 matches found
CVE-2025-55168 WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicarmedicamento.php endpoint, specifically in the idfichamedica parameter. This vulnerability allows...
CVE-2025-53727
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-49758
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-49759
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-47954
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-47954
CVE-2025-47954 is a Microsoft SQL Server elevation-of-privilege vulnerability arising from improper neutralization of special elements in SQL commands (SQL injection). It affects SQL Server components where an attacker, leveraging network access and with low privileges, can achieve total privileg...
CVE-2025-49759
CVE-2025-49759 is a Microsoft SQL Server Elevation of Privilege vulnerability arising from improper neutralization of input used in SQL commands (SQL injection) in system procedures. An authenticated attacker could exploit this over a network to elevate privileges within the affected SQL Server d...
CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-53727
CVE-2025-53727 is an Elevation of Privilege vulnerability in Microsoft SQL Server tied to improper neutralization of SQL elements (SQL injection). Publicly referenced fixes are included in SQL Server 2017 CU31 (build 14.0.3500.1) per KB5063759 and related security updates, and in SQL Server 2017 ...
CVE-2025-49758
CVE-2025-49758 affects Microsoft SQL Server (e.g., SQL Server 2017 line) and is described as an elevation-of-privilege vulnerability caused by improper neutralization of certain elements in SQL commands (SQL injection) that can be exploited by an authenticated, network-present attacker to gain el...
CVE-2025-55167 WeGIA SQL Injection via id_fichamedica at endpoint `GET/html/funcionario/dependente_remover.php`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependenteremover.php endpoint, specifically in the iddependente parameter. This vulnerability...
CVE-2025-8296
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution...
CVE-2025-8296
Ivanti Avalanche contains a SQL injection vulnerability in versions before 6.4.8.8008. The issue arises from improper validation of user-entered SQL statements, enabling a remote authenticated attacker with admin privileges to execute arbitrary SQL queries and, under certain conditions, achieve r...
CVE-2024-41983
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool...
CVE-2024-41983
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool...
CVE-2024-41982
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...