Lucene search
K

1987 matches found

NVD
NVD
added 2025/05/23 1:15 p.m.4 views

CVE-2025-47575

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0...

8.5CVSS0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:39 a.m.10 views

CVE-2025-24353

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...

5CVSS7.4AI score0.00372EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:34 a.m.14 views

CVE-2025-22140

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...

9.4CVSS8.4AI score0.00673EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:20 a.m.7 views

CVE-2024-27790

Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests...

7.5CVSS6.7AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.5 views

CVE-2024-12473

The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT GPT-4o 128K plugin for WordPress is vulnerable to SQL Injection via the 'templateid' parameter of the 'articlebuildergeneratedata' shortcode in all versions up to, and...

6.5CVSS7.2AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.7 views

CVE-2024-21058

Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit...

4.9CVSS5.8AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:36 a.m.4 views

CVE-2024-4996

Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90....

9.8CVSS6.7AI score0.00543EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:12 a.m.11 views

CVE-2024-35143

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM...

9.1CVSS6.8AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.5 views

CVE-2023-2188

The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.2AI score0.00846EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.13 views

CVE-2023-46785

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partnerpreference.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.3AI score0.00831EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:15 a.m.7 views

CVE-2023-41038

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...

7.5CVSS6.8AI score0.00658EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.6 views

CVE-2023-38724

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183...

9.8CVSS6.6AI score0.00465EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.12 views

CVE-2023-5466

The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7.2AI score0.00797EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.6 views

PT-2025-22708 · Goodlayers · Goodlayers Hostel

Name of the Vulnerable Software and Affected Versions: Goodlayers Hostel versions n/a through 3.1.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection' vulnerability, which allows Blind SQL Injection...

9.3CVSS9.3AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.5 views

PT-2025-22747 · Metagauss · Metagauss Profilegrid

Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions n/a through 5.9.5.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

8.5CVSS9.1AI score0.00329EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.6 views

CVE-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8CVSS8AI score0.0089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.5 views

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

5.9CVSS5.9AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 p.m.15 views

CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

9CVSS6.6AI score0.0187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 p.m.11 views

CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

10CVSS7.1AI score0.02242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 p.m.4 views

CVE-2021-23896

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security DBSec prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...

4.5CVSS6.9AI score0.00204EPSS
Exploits0References1
Rows per page
Query Builder