Lucene search
K

8289 matches found

OSV
OSV
added 2024/12/04 3:0 p.m.1 views

UBUNTU-CVE-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8CVSS7.2AI score0.01424EPSS
Exploits0References3
OSV
OSV
added 2024/12/02 3:15 p.m.5 views

CVE-2024-46905

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user at least Network Manager permissions required to achieve privilege escalation to the admin account...

8.8CVSS7.6AI score0.02256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/01 12:0 a.m.5 views

PT-2024-17399 · Unknown · Code-Projects Farmacia

Name of the Vulnerable Software and Affected Versions: code-projects Farmacia version 1.0 Description: A critical issue was found in the /visualizar-produto.php file, affecting an unknown part of it. The manipulation of the id argument leads to SQL injection. It is possible to initiate the attack...

9.8CVSS8.4AI score0.00529EPSS
Exploits1References12
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.3 views

WordPress plugin Distance Based Shipping Calculator SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.5CVSS8.8AI score0.00408EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.3 views

PHPGurukul Complaint Management System 注入漏洞

PHPGurukul Complaint Management System is a complaint management system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Complaint Management System, which originates in the /admin/reset-password.php file with the parameter email for SQL injection...

9.8CVSS8AI score0.00724EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.4 views

PHPGurukul Complaint Management System 注入漏洞

PHPGurukul Complaint Management System is a complaint management system from PHPGurukul. An injection vulnerability exists in PHPGurukul Complaint Management System version 1.0, which stems from the parameter emailid in the file /user/index.php that can cause SQL injection...

9.8CVSS8AI score0.00827EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/11/27 12:0 a.m.4 views

The vulnerability of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus lies in the lack of protection for SQL query structures, allowing attackers to execute custom queries and gain access to database table records.

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute custom queries and gain access to database table...

8.7CVSS5.7AI score0.04702EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/27 12:0 a.m.6 views

The vulnerability of the audit settings of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute custom requests and gain access to the database table records.

The vulnerability of the audit settings of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute custom queries and gai...

8.7CVSS5.8AI score0.04702EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/27 12:0 a.m.5 views

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus lies in the lack of security measures for SQL query structures. This allows attackers to execute custom queries and gain access to database table records.

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute user-defined queries and gain access to...

8.7CVSS5.7AI score0.03117EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.2 views

PHPGurukul COVID 19 Testing Management System 安全漏洞

PHPGurukul COVID 19 Testing Management System is a COVID 19 Testing Management System from PHPGurukul Inc. A security vulnerability exists in PHPGurukul COVID 19 Testing Management System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary code...

9.8CVSS8.7AI score0.00978EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.7 views

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9CVSS5.9AI score0.00781EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.3 views

1000 Projects Portfolio Management System MCA 安全漏洞

1000 Projects Portfolio Management System MCA is an open source portfolio management system by 1000 Projects. A security vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0 due to a SQL injection in parameter name...

9.8CVSS7.8AI score0.00724EPSS
Exploits1References5
OSV
OSV
added 2024/11/25 9:15 a.m.3 views

CVE-2024-11663

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclose...

9.8CVSS5.8AI score
Exploits0References4
CNNVD
CNNVD
added 2024/11/23 12:0 a.m.2 views

itsourcecode Tailoring Management System 注入漏洞

itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in itsourcecode Tailoring Management System version 1.0, which originates from the presence of SQL injection...

9.8CVSS7.1AI score0.0066EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.6 views

Visteon Infotainment SQL注入漏洞

Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a SQL injection vulnerability that stems from improper validation of user-supplied strings when DeviceManager parses iAP serial numbers, which could lead to an attacker executing...

6.8CVSS7.4AI score0.00564EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.5 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.6AI score0.03075EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.7 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of security measures regarding SQL query structures. This allows attackers to execute arbitrary code within the root user’s context.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root...

9CVSS7.7AI score0.67711EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.5 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.6AI score0.03301EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.4 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of security measures regarding SQL query structures. This allows attackers to execute arbitrary code within the root user’s context.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS7.6AI score0.03301EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.6 views

The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of Native Client components in the Microsoft SQL Server database management system is related to numerical truncation errors. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10CVSS6.1AI score0.01517EPSS
Exploits0References2
Rows per page
Query Builder