Export limit exceeded: 15552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37486 | 1 Strangerstudios | 1 Paid Memberships Pro | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5. | ||||
| CVE-2024-37393 | 1 Securenvoy | 2 Mfa, Multi-factor Authentication Solutions | 2024-11-21 | 9.8 Critical |
| Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | ||||
| CVE-2024-37256 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1. | ||||
| CVE-2024-37225 | 1 Zoho | 1 Marketing Automation | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Marketing Automation.This issue affects Zoho Marketing Automation: from n/a through 1.2.7. | ||||
| CVE-2024-37112 | 1 Wishlist Member | 1 Wishlist Member | 2024-11-21 | 10 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
| CVE-2024-37090 | 1 Stylemixthemes | 2 Consulting Elementor Widgets, Masterstudy Elementor Widgets | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | ||||
| CVE-2024-36837 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 5.4 Medium |
| SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. | ||||
| CVE-2024-36684 | 1 Prestashop | 1 Pk Customlinks | 2024-11-21 | 9.8 Critical |
| In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2024-36683 | 2024-11-21 | 7.3 High | ||
| SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method. | ||||
| CVE-2024-36681 | 2024-11-21 | 9.8 Critical | ||
| SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods. | ||||
| CVE-2024-36680 | 1 Promokit | 1 Pkfacebook | 2024-11-21 | 7.5 High |
| In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2024-36678 | 1 Promokit | 1 Pk Themesettings | 2024-11-21 | 9.8 Critical |
| In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2024-36412 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 10 Critical |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-36411 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.6 Critical |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-36410 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.6 Critical |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-36409 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.6 Critical |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-36408 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.6 Critical |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2024-36393 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 9.9 Critical |
| SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2024-36082 | 1 Codepeople | 1 Music Store | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker. | ||||
| CVE-2024-35750 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||