Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mysql vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows malicious users to execute arbitrary code via uploading a crafted file.
NA
CVE-2024-34224
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote malicious users to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.
NA
CVE-2024-34225
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote malicious users to inject arbitrary web script or HTML via the name, shortname parameters.
NA
CVE-2023-50718
NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage of sensitive data in the data...
NA
CVE-2024-32886
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and ...
NA
CVE-2023-51588
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local malicious users to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability...
NA
CVE-2024-32979
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It exists that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nau...
NA
CVE-2024-32879
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has...
NA
CVE-2024-21511
Versions of the package mysql2 prior to 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
NA
CVE-2024-32480
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions before 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and con...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »