Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-1683 | 1 Amtythumb Project | 1 Amtythumb | 2024-11-21 | 8.8 High | The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection that is exploitable by any authenticated user (and not just Author+ as the original advisory mentions), because any authenticated user can execute shortcodes via an AJAX action. |
| CVE-2022-1556 | 1 Era404 | 1 Stafflist | 2024-11-21 | 9.8 Critical | The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection. |
| CVE-2022-1552 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 8.8 High | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. |
| CVE-2022-1531 | 1 Rtx Project | 1 Rtx | 2024-11-21 | 9.8 Critical | SQL injection vulnerability in the ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20. This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. |
| CVE-2022-1472 | 1 Codesolz | 1 Better Find And Replace | 2024-11-21 | 7.2 High | The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection. |
| CVE-2022-1429 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High | SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing data. |
| CVE-2022-1339 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High | SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing data. |
| CVE-2022-1281 | 1 10web | 1 Photo Gallery | 2024-11-21 | 9.8 Critical | The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the `$_POST['filter_tag']` parameter, which is appended to an SQL query, making SQL Injection attacks possible. |
| CVE-2022-1277 | 1 Inavitas | 1 Solar Log | 2024-11-21 | 9.4 Critical | Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. |
| CVE-2022-1258 | 1 Mcafee | 1 Agent | 2024-11-21 | 8.4 High | A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. |
| CVE-2022-1219 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High | SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing data. |
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2024-11-21 | 8.8 High | The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated user (such as subscriber), leading to SQL Injections. |
| CVE-2022-1123 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2024-11-21 | 7.2 High | The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. |
| CVE-2022-1064 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 8.8 High | SQL injection through marking blog comments in bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. |
| CVE-2022-1057 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2024-11-21 | 9.8 Critical | The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. |
| CVE-2022-1023 | 1 Secondlinethemes | 1 Podcast Importer Secondline | 2024-11-21 | 7.2 High | The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file. |
| CVE-2022-1014 | 1 Labarta | 1 Wp Contacts Manager | 2024-11-21 | 9.8 Critical | The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is interpolated in an SQL statement and executed, leading to an SQL injection vulnerability. |
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2024-11-21 | 9.8 Critical | The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is interpolated in an SQL statement and executed, leading to a blind SQL injection vulnerability. |
| CVE-2022-1006 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 7.2 High | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks. |
| CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 8.8 High | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. |