Export limit exceeded: 18836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38825 | 2024-11-21 | 9.8 Critical | ||
| SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. | ||||
| CVE-2023-38773 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | ||||
| CVE-2023-38771 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | ||||
| CVE-2023-38770 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | ||||
| CVE-2023-38769 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | ||||
| CVE-2023-38768 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | ||||
| CVE-2023-38767 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | ||||
| CVE-2023-38765 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | ||||
| CVE-2023-38764 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | ||||
| CVE-2023-38763 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 6.5 Medium |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | ||||
| CVE-2023-38762 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | ||||
| CVE-2023-38760 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 7.5 High |
| SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | ||||
| CVE-2023-38190 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | 8.8 High |
| An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | ||||
| CVE-2023-38044 | 1 Hikashop | 1 Hikashop | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | ||||
| CVE-2023-37924 | 1 Apache | 1 Submarine | 2024-11-21 | 9.8 Critical |
| Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all submarine users with 0.7.0 upgrade to 0.8.0, which not only fixes the issue, supports the oidc authentication mode, but also removes the case of unauthenticated logins. If using the version lower than 0.8.0 and not want to upgrade, you can try cherry-pick PR https://github.com/apache/submarine/pull/1037 https://github.com/apache/submarine/pull/1054 and rebuild the submarine-server image to fix this. | ||||
| CVE-2023-37824 | 1 Sitolog | 1 Sitolog Application Connect | 2024-11-21 | 9.8 Critical |
| Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | ||||
| CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 8.8 High |
| Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | ||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2024-11-21 | 9.8 Critical |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | ||||
| CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2024-11-21 | 7.2 High |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | ||||
| CVE-2023-37682 | 1 Judging Management System Project | 1 Judging Management System | 2024-11-21 | 9.8 Critical |
| Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. | ||||