
255 matches found

Veracode
added 2025/02/03 3:57 a.m., 5 views

SQL Injection

snowflake-connector-python is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandas_tools module, allowing malicious SQL code to be injected and executed...

CVSS 7 | AI score 7.8 | EPSS 0.00189
Exploits 1 | References 6 | Affected Software 1
Cvelist
added 2025/02/03 12:0 a.m., 8 views

CVE-2024-57238

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/procget endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the orderby parameter...

EPSS 0.00054
Exploits 0 | References 2
Redos
added 2025/01/09 12:0 a.m., 5 views

ROS-20250109-04

A vulnerability in the Fields plug-in for GLPI, a system for managing requests, incidents and computer equipment inventory, is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL code...

CVSS 7.7 | AI score 8.3 | EPSS 0.00107
Exploits 0
Gentoo Linux
added 2024/09/22 12:0 a.m., 14 views

PostgreSQL: Privilege Escalation

Background: PostgreSQL is an open source object-relational database management system. Description: A vulnerability has been discovered in PostgreSQL. Please review the CVE identifier referenced below for details. Impact: An attacker able to create and drop non-temporary objects could inject SQL cod...

CVSS 8.8 | AI score 8 | EPSS 0.00764
Exploits 0
Redos
added 2024/09/11 12:0 a.m., 269 views

ROS-20240911-02

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...

CVSS 8.8 | AI score 8.4 | EPSS 0.00764
Exploits 0
Redos
added 2024/09/11 12:0 a.m., 9 views

ROS-20240911-21

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...

CVSS 8.8 | AI score 8.4 | EPSS 0.00764
Exploits 0
Redos
added 2024/09/11 12:0 a.m., 6 views

ROS-20240911-19

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...

CVSS 8.8 | AI score 8.4 | EPSS 0.00764
Exploits 0
Redos
added 2024/09/11 12:0 a.m., 6 views

ROS-20240911-20

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...

CVSS 8.8 | AI score 8.4 | EPSS 0.00764
Exploits 0
Redos
added 2024/08/12 12:0 a.m., 12 views

ROS-20240812-13

A vulnerability in GLPI's asset and data center management software involves server-side request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to perform an SSRF-based attack using the creation of an arbitrary object...

CVSS 9.6 | AI score 7.5 | EPSS 0.16003
Exploits 2
Tenable Nessus
added 2024/08/08 12:0 a.m., 32 views

FreeBSD : PostgreSQL -- Prevent unauthorized code execution during pg_dump (48e6d514-5568-11ef-af48-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 48e6d514-5568-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL...

CVSS 8.8 | AI score 7.7 | EPSS 0.00764
Exploits 0 | References 3
Veracode
added 2024/07/10 7:36 a.m., 7 views

SQL Injection

zendframework/zendframework1 is vulnerable to SQL Injection. The vulnerability is due to the improper handling of SQL expressions and comments in the ORDER BY and GROUP BY clauses. Attackers can exploit this vulnerability by injecting malicious SQL code that can alter the intended SQL query and...

AI score 8.2
Exploits 0
Vulnrichment
added 2024/04/04 11:2 p.m., 14 views

CVE-2024-31212 SQL injection in index_chart_data action

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in the index_chart_data action, which receive...

CVSS 6.7 | AI score 8.3 | EPSS 0.00421
Exploits 1 | References 4
OSV
added 2024/04/04 11:2 p.m., 4 views

CVE-2024-31212 SQL injection in index_chart_data action

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in the index_chart_data action, which receive...

CVSS 6.7 | AI score 8.2 | EPSS 0.00421
Exploits 1 | References 6
Redos
added 2024/03/28 12:0 a.m., 19 views

ROS-20240328-01

A vulnerability in GLPI's asset management and data center management software is related to SQL code injection through the administration of dashboards. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries...

CVSS 9.1 | AI score 8.5 | EPSS 0.00306
Exploits 0
Veracode
added 2023/12/28 8:43 a.m., 33 views

SQL Injection

Cacti is vulnerable to SQL Injection. The vulnerability is due to a lack of input sanitization in the pollers.php script. This allows an attacker to potentially execute malicious SQL code, resulting in a SQL injection...

CVSS 8.8 | AI score 7.3 | EPSS 0.91404
Exploits 4 | References 6 | Affected Software 1
NVD
added 2023/12/22 5:15 p.m., 16 views

CVE-2023-49085

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

CVSS 8.8 | EPSS 0.91404
Exploits 4 | References 5
Prion
added 2023/12/22 5:15 p.m., 26 views

Design/Logic Flaw

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

CVSS 6.5 | AI score 8.3 | EPSS 0.91404
Exploits 4 | References 3 | Affected Software 1
Debian CVE
added 2023/12/22 4:13 p.m., 30 views

CVE-2023-49085

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

CVSS 8.8 | AI score 9.1 | EPSS 0.91404
Exploits 4
OSV
added 2023/12/22 4:13 p.m., 24 views

CVE-2023-49085 Cacti SQL Injection vulnerability

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

CVSS 8.8 | AI score 9.7 | EPSS 0.91404
Exploits 4 | References 7
Positive Technologies
added 2023/12/22 12:0 a.m., 14 views

PT-2024-12: SQL Injection in Cacti

The vulnerability was identified in Cacti version 1.2.25 and below. It allows execution of arbitrary SQL code. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php. Vulnerability status: Confirmed by vendor. Date of vulnerability detection: 22.12.2023...

CVSS 8.8 | AI score 7.9 | EPSS 0.91404
Exploits 4 | References 1