Export limit exceeded: 366811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.5 Medium |
| Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | ||||
| CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components. | ||||
| CVE-2023-27845 | 1 Kerawen | 1 Omnichannel Stocks | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components. | ||||
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27254 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2024-11-21 | 9.8 Critical |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | ||||
| CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | 9.8 Critical |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | ||||
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | ||||
| CVE-2023-26859 | 1 Brevo | 1 Brevo | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. | ||||
| CVE-2023-26584 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26583 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26582 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26581 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26572 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26569 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26568 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-26454 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.6 High |
| Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | ||||
| CVE-2023-26453 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.6 High |
| Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | ||||