1985 matches found
CVE-2021-23186
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...
CVE-2023-23753 Extension - vi-solutions - Visforms Base Package for Joomla 3
The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it...
PT-2023-8873 · Keepassxc · Keepassxc
Name of the Vulnerable Software and Affected Versions: KeePassXC versions 2.7.5 and earlier.
Description: A local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the...
CVE-2023-30553
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input...
CVE-2023-30556 SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimize_sqltuningadvisor method of sql_optimize.py. User input comin...
CVE-2023-30554
CVE-2023-30554 affects Archery, an open-source SQL audit platform. The vulnerability concerns multiple SQL injection flaws in the sql_api/api_workflow.py endpoint ExecuteCheck, where unfiltered input from the db_name parameter is passed through to explain_check in sql/engines/oracle.py. This chai...
Imperva is an Overall Leader in the 2023 KuppingerCole Leadership Compass Data Security Platforms Report
Imperva is a leader in every category – Market, Innovation, and Product. Imperva, Inc. (@Imperva), the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, is an Overall Leader in the 2023 KuppingerCole Leadership Compass for Data Security Platforms. Previousl...
Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29414)
Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input used in SQL statements via the voter parameter of the file login.php, which can be exploite...
PT-2023-22783 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery, affected versions not specified.
Description: The issue concerns SQL injection vulnerabilities in the Archery project, which may allow an attacker to query connected databases. The optimize_sqltuningadvisor method of sql_optimize.py is...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
PT-2023-2083 · Unknown · Conprosys Hmi
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI, affected versions not specified.
Description: The issue is related to the lack of protection for the SQL query structure, allowing a remote attacker to gain unauthorized access to protected information by sending specially crafte...
CVE-2023-27821
Databasir v1.0.7 contains a remote code execution (RCE) vulnerability exploitable via the mockDataScript parameter (CVE-2023-27821). The CVSSv3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector and no user interaction. Connected documents corroborate RCE via mockDataScript and indicate Po...
Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure
Title: Microsoft SQL Server Password Hash Exposure
Product: Database
Manufacturer: Microsoft
Affected Versions: 2012-2022
Risk Level: Medium
CVE Reference: N/A
Author of Advisory: Emad Al-Mousa
Overview: SQL Server is a popular database system, and database systems are a vital backbone in IT...
Fortinet FortiWeb and FortiRecorder Arbitrary File Read Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. FortiWeb and FortiRecorder are vulnerable to arbitrar...
CVE-2023-24777
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list...
CVE-2022-34909
CVE-2022-34909 concerns A4N (Aremis 4 Nomad) Android app 1.5.0. The issue is a SQL Injection vulnerability in the application’s authentication flow that allows an attacker to bypass authentication and retrieve data stored in the database. The available connected data confirms the affected product...
PT-2023-12193 · Undefined · Undefined
‼ CVE-2021-32861 ‼ REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-32856. Reason: This candidate is a reservation duplicate of CVE-2021-32856. Notes: All CVE users should reference CVE-2021-32856 instead of this candidate. All references and descriptions in this candidate have been...
CVE-2023-0019
CVE-2023-0019 affects SAP GRC (Process Control) versions GRCFND_A V1200 and V8100, and GRCPINW V1100_700, V1100_731, V1200_750. A remote-enabled function module allows an authenticated attacker with minimal privileges to access confidential data in client-specific tables, exposing user credential...
Information disclosure
Dell SupportAssist for Home PCs version 3.11.4 and prior and SupportAssist for Business PCs version 3.2.0 and prior contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of...
CVE-2023-22794
ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 contain a vulnerability related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface, which automatically adds annotations, it may be sent t...