470 matches found
CVE-2023-22324
SQL injection vulnerability in the CONPROSYS HMI System CHS Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained...
CVE-2022-43437
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete database...
AeroCMS SQL Injection Vulnerability (CNVD-2023-00001)
AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a SQL injection vulnerability in the Approve parameter of the CMS. An attacker can exploit this vulnerability by insertin...
CVE-2022-39056 Changing Information Technology Inc. RAVA certificate validation system - SQL Injection
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify and delete database...
Security Bulletin: Multiple Vulnerabilities affect InfoSphere Data Replication Dashboard (CVE-2013-2999, CVE-2013-3001, CVE-2013-3000)
Abstract The InfoSphere Data Replication Dashboard has been affected by multiple vulnerabilities. See description of CVE-2013-2999, CVE-2013-3001, and CVE-2013-3000 below. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2999 DESCRIPTION: The Infosphere Data Replication Dashboard for mobile device...
ROS-20220524-04
The vulnerability in the Moodle course management system is due to a problem in the logic used to count failed login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the account lockout threshold. A...
CVE-2022-1361
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users’ accounts and devices...
CVE-2022-1358
The affected On-Premise cnMaestro is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database...
CVE-2022-1361 Cambium Networks cnMaestro SQL Injection
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users’ accounts and devices...
CVE-2022-1361
The CVE-2022-1361 entry affects Cambium Networks cnMaestro On-Premises, caused by improper neutralization of special elements used in an SQL command, enabling pre-auth data exfiltration of user and device information. Affected versions are cnMaestro On-Premises prior to 3.0.3-r32, 2.4.2-r29, and ...
CVE-2022-1358
CVE-2022-1358 affects Cambium Networks cnMaestro On-Premises, with an SQL Injection flaw due to improper neutralization of special elements in SQL commands. This vulnerability can enable data exfiltration from the cnMaestro database. The issue is specific to the On-Premises deployment and is list...
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Server
None...
ROS-20220309-01
A vulnerability in the cyrus-sasl authentication mechanism implementation is related to insufficient password cleansing in the SQL plug-in provided with Cyrus SASL. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted query to a vulnerable applicati...
CVE-2022-0258
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
Command injection
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2022-0258 SQL Injection in pimcore/pimcore
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
Command injection
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
Command injection
wbcecms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...