Total: 16884 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37831 | 1 Itsourcecode | 1 Payroll Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | |||||
| CVE-2024-37802 | 1 Health Care Hospital Management System Project | 1 Health Care Hospital Management System | 2024-11-21 | N/A | 8.8 HIGH |
| CodeProjects Health Care Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | |||||
| CVE-2024-37791 | | | 2024-11-21 | N/A | 6.0 MEDIUM |
| DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id. | |||||
| CVE-2024-37699 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. | |||||
| CVE-2024-37564 | | | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway. This issue affects PayPlus Payment Gateway: from n/a through 7.0.7. | |||||
| CVE-2024-37494 | 1 Kainelabs | 1 Youzify | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify. This issue affects Youzify: from n/a through 1.2.5. | |||||
| CVE-2024-37486 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 3.0.5. | |||||
| CVE-2024-37393 | 1 Securenvoy | 1 Multi-factor Authentication Solutions | 2024-11-21 | N/A | 7.5 HIGH |
| Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | |||||
| CVE-2024-37256 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.1. | |||||
| CVE-2024-37252 | | | 2024-11-21 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25. | |||||
| CVE-2024-37225 | 1 Zoho | 1 Marketing Automation | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation. This issue affects Zoho Marketing Automation: from n/a through 1.2.7. | |||||
| CVE-2024-37112 | 1 Wishlist Member | 1 Wishlist Member | 2024-11-21 | N/A | 10.0 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. | |||||
| CVE-2024-37090 | 1 Stylemixthemes | 2 Consulting Elementor Widgets, Masterstudy Elementor Widgets | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | |||||
| CVE-2024-36840 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
| SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. | |||||
| CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-11-21 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | |||||
| CVE-2024-36779 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. | |||||
| CVE-2024-36684 | 1 Prestashop | 1 Pk Customlinks | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
| CVE-2024-36683 | | | 2024-11-21 | N/A | 7.3 HIGH |
| SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method. | |||||
| CVE-2024-36681 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods. | |||||
| CVE-2024-36680 | | | 2024-11-21 | N/A | 7.5 HIGH |
| In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection. | |||||
