Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
database vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2024-2661
The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to in...
NA
CVE-2024-33512
There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211)...
1 Article
NA
CVE-2024-32979
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It exists that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nau...
NA
CVE-2024-32967
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release...
NA
CVE-2024-23995
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and previous versions allows remote malicious users to execute arbitrary code in the column name of a database table in tabulator-popup-container.
NA
CVE-2024-4307
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards...
NA
CVE-2024-4308
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id...
NA
CVE-2024-4309
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an malicious user to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_trans...
9.8
CVSSv3
CVE-2024-4300
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows malicious user to obtain the database credential with the...
9.9
CVSSv3
CVE-2024-3342
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied paramete...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »