Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29597 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 8.8 High |
| bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | ||||
| CVE-2023-29432 | 1 Favethemes | 1 Houzez | 2024-11-21 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. | ||||
| CVE-2023-29096 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | ||||
| CVE-2023-29095 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 7.6 High |
| Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | ||||
| CVE-2023-28788 | 1 Pagevisitcounter | 1 Advanced Page Visit Counter | 2024-11-21 | 7.1 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2. | ||||
| CVE-2023-28777 | 1 Learndash | 1 Learndash | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection.This issue affects LearnDash LMS: from n/a through 4.5.3. | ||||
| CVE-2023-28748 | 1 Appjetty | 1 Copy Or Move Comments | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. | ||||
| CVE-2023-28491 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | 6.7 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | ||||
| CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.3 Medium |
| Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | ||||
| CVE-2023-28019 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 5.5 Medium |
| Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. | ||||
| CVE-2023-27846 | 1 Themevolty | 1 Theme Volty Cms Blog | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components. | ||||
| CVE-2023-27845 | 1 Kerawen | 1 Omnichannel Stocks | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components. | ||||
| CVE-2023-27605 | 1 Wp Reroute Email Project | 1 Wp Reroute Email | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. | ||||
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27260 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27254 | 1 Idattend | 1 Idweb | 2024-11-21 | 9.8 Critical |
| Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
| CVE-2023-27074 | 1 Phpgurukul | 1 Bp Monitoring Management System | 2024-11-21 | 9.8 Critical |
| BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. | ||||
| CVE-2023-26959 | 1 Phpgurukul | 1 Park Ticketing Management System | 2024-11-21 | 9.8 Critical |
| Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | ||||
| CVE-2023-26861 | 1 Vivawallet | 1 Viva Wallet | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module. | ||||