Export limit exceeded: 19630 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19630 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26439 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-11-21 | 7.6 High |
| The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | ||||
| CVE-2023-26217 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 8.8 High |
| The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. | ||||
| CVE-2023-25839 | 3 Apple, Esri, Microsoft | 3 Macos, Arcgis Insights, Windows | 2024-11-21 | 7 High |
| There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | ||||
| CVE-2023-25838 | 1 Esri | 1 Arcgis Insights | 2024-11-21 | 7.5 High |
| There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | ||||
| CVE-2023-25651 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more | 2024-11-21 | 4.3 Medium |
| There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | ||||
| CVE-2023-25432 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2024-11-21 | 7.2 High |
| An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. | ||||
| CVE-2023-25330 | 1 Mybatis | 1 Mybatis | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | ||||
| CVE-2023-25197 | 1 Apache | 1 Fineract | 2024-11-21 | 6.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-25196 | 1 Apache | 1 Fineract | 2024-11-21 | 4.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-24726 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | ||||
| CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 9.3 Critical |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | ||||
| CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2024-11-21 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | ||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2024-11-21 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | ||||
| CVE-2023-23634 | 1 Documize | 1 Documize | 2024-11-21 | 9.8 Critical |
| SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | ||||
| CVE-2023-23563 | 1 Geomatika | 1 Isigeo Web | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. | ||||
| CVE-2023-23162 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | ||||
| CVE-2023-23156 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. | ||||
| CVE-2023-23155 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. | ||||