Total
16419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38708 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.1. | ||||
| CVE-2024-38692 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11. | ||||
| CVE-2024-38348 | 2 Code-projects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-11-21 | 6.5 Medium |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. | ||||
| CVE-2024-38347 | 2 Codeprojects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-11-21 | 8.8 High |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. | ||||
| CVE-2024-38289 | 2 R-hub, Rhubcom | 2 Turbomeeting, Turbomeeting | 2024-11-21 | 9.8 Critical |
| A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input. | ||||
| CVE-2024-37873 | 2 Itsourcecode, Payroll Management System Project | 2 Payroll Management System Project In Php With Source Code, Payroll Management System | 2024-11-21 | 9.1 Critical |
| SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-37870 | 1 Itsourcecode | 1 Learning Management System Project In Php | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-37849 | 1 Itsourcecode | 1 Billing System | 2024-11-21 | 9.8 Critical |
| A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | ||||
| CVE-2024-37848 | 1 Itsource | 1 Online Bookstore Project | 2024-11-21 | 8.4 High |
| SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. | ||||
| CVE-2024-37843 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 7.5 High |
| Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | ||||
| CVE-2024-37831 | 1 Itsourcecode | 1 Payroll Management System | 2024-11-21 | 9.1 Critical |
| Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | ||||
| CVE-2024-37802 | 2 Codeprojects, Health Care Hospital Management System Project | 2 Health Care Hospital Management System, Health Care Hospital Management System | 2024-11-21 | 9.4 Critical |
| CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. | ||||
| CVE-2024-37791 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | 6 Medium |
| DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id. | ||||
| CVE-2024-37699 | 1 Softnews Media Group | 1 Datalife Engine | 2024-11-21 | 9.8 Critical |
| An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. | ||||
| CVE-2024-37564 | 2024-11-21 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7. | ||||
| CVE-2024-37494 | 1 Kainelabs | 1 Youzify | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaineLabs Youzify.This issue affects Youzify: from n/a through 1.2.5. | ||||
| CVE-2024-37486 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5. | ||||
| CVE-2024-37393 | 1 Securenvoy | 2 Mfa, Multi-factor Authentication Solutions | 2024-11-21 | 9.8 Critical |
| Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | ||||
| CVE-2024-37256 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1. | ||||
| CVE-2024-37252 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25. | ||||