Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mysql vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-38922
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.
Iss-oberlausitz Bluepage Cms
9.8
CVSSv3
CVE-2020-29168
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows malicious users to gain sensitive information via the q parameter to the getuser.php endpoint.
Online Doctor Appointment Booking System Php And Mysql Project Online Doctor Appointment Booking System Php And Mysql 1.0
9.8
CVSSv3
CVE-2023-22884
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: prior to 2.5.1; Apache Airflow MyS...
Apache Airflow
Apache Apache-airflow-providers-mysql
2 Github repositories
9.8
CVSSv3
CVE-2015-10050
A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 3...
Mirna Database By Php Mysql Project Mirna Database By Php Mysql
9.8
CVSSv3
CVE-2018-25070
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to ve...
Aista Phosphorus Five
9.8
CVSSv3
CVE-2022-45347
Apache ShardingSphere-Proxy before 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an malicious user to execute normal commands by constructing a special MySQL client. This vulnerabil...
Apache Shardingsphere
9.8
CVSSv3
CVE-2022-45136
Apache Jena SDB 3.17.0 and previous versions is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...
Apache Jena Sdb
9.8
CVSSv3
CVE-2022-39312
Dataease is an open source data visualization analysis tool. Dataease before 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `ba...
Dataease Dataease
1 Github repository
9.8
CVSSv3
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Puppet Puppetlabs-mysql
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-39135
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposin...
Apache Calcite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »