Total
16267 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45820 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 9.1 CRITICAL |
| SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
| CVE-2022-45808 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 9.9 CRITICAL |
| SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
| CVE-2022-45805 | 1 Paytm | 1 Payment Gateway | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | |||||
| CVE-2022-45373 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. | |||||
| CVE-2022-45355 | 1 Thimpress | 1 Wp Pipes | 2024-11-21 | N/A | 8.2 HIGH |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions. | |||||
| CVE-2022-45090 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-45089 | 1 Gruparge | 1 Smartpower Web | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2022-44588 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. | |||||
| CVE-2022-44580 | 1 Richplugins | 1 Plugin For Google Reviews | 2024-11-21 | N/A | 9.1 CRITICAL |
| SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Reviews plugin <= 2.2.3 versions. | |||||
| CVE-2022-44117 | 1 Boa | 1 Boa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL. | |||||
| CVE-2022-43860 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305. | |||||
| CVE-2022-43859 | 1 Ibm | 1 I | 2024-11-21 | N/A | 6.3 MEDIUM |
| IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304. | |||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-43462 | 1 Ip Blacklist Cloud Project | 1 Ip Blacklist Cloud | 2024-11-21 | N/A | 9.1 CRITICAL |
| Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. | |||||
| CVE-2022-43457 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | |||||
| CVE-2022-43437 | 1 Easy Test Project | 1 Easy Test | 2024-11-21 | N/A | 8.8 HIGH |
| The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database. | |||||
| CVE-2022-43318 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. | |||||
| CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A | 7.2 HIGH |
| LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | |||||