Total
17437 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25960 | 1 Zendrop | 1 Zendrop | 2024-11-21 | 10 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
| CVE-2023-25839 | 3 Apple, Esri, Microsoft | 3 Macos, Arcgis Insights, Windows | 2024-11-21 | 7 High |
| There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | ||||
| CVE-2023-25838 | 1 Esri | 1 Arcgis Insights | 2024-11-21 | 7.5 High |
| There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. | ||||
| CVE-2023-25800 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | ||||
| CVE-2023-25700 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | ||||
| CVE-2023-25651 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf833u1 and 1 more | 2024-11-21 | 4.3 Medium |
| There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak. | ||||
| CVE-2023-25432 | 1 Online Reviewer Management System Project | 1 Online Reviewer Management System | 2024-11-21 | 7.2 High |
| An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. | ||||
| CVE-2023-25330 | 1 Mybatis | 1 Mybatis | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. | ||||
| CVE-2023-25197 | 1 Apache | 1 Fineract | 2024-11-21 | 6.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-25196 | 1 Apache | 1 Fineract | 2024-11-21 | 4.3 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2. | ||||
| CVE-2023-25047 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | ||||
| CVE-2023-25045 | 1 Carrcommunications | 1 Rsvpmaker | 2024-11-21 | 6.7 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. | ||||
| CVE-2023-24726 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. | ||||
| CVE-2023-24000 | 1 Gamipress | 1 Gamipress | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | ||||
| CVE-2023-23991 | 2024-11-21 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3. | ||||
| CVE-2023-23758 | 1 Creative-solutions | 1 Creative Gallery | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-23757 | 1 Bestaddon | 1 Bestaddon Gallery | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-23737 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 9.3 Critical |
| Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | ||||
| CVE-2023-23660 | 1 Mainwp | 1 Mainwp Maintenance Extension | 2024-11-21 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions. | ||||
| CVE-2023-23651 | 1 Mainwp | 1 Mainwp Google Analytics Extension | 2024-11-21 | 8.5 High |
| Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | ||||