Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
database vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2016-8355
An issue exists in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, a...
Smiths-medical Cadd-solis Medication Safety Software 3.0
Smiths-medical Cadd-solis Medication Safety Software 1.0
Smiths-medical Cadd-solis Medication Safety Software 2.0
Smiths-medical Cadd-solis Medication Safety Software 3.1
9.8
CVSSv3
CVE-2024-4893
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote malicious users to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.
9.8
CVSSv3
CVE-2024-2876
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, a...
1 Github repository
1 Article
9.8
CVSSv3
CVE-2024-4300
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows malicious user to obtain the database credential with the...
9.8
CVSSv3
CVE-2023-48788
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 up to and including 7.2.2, FortiClientEMS 7.0.1 up to and including 7.0.10 allows malicious user to execute unauthorized code or commands via ...
Fortinet Forticlient Enterprise Management Server
6 Github repositories
4 Articles
9.8
CVSSv3
CVE-2024-26264
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote malicious users to inject SQL commands without authentication, enabling them to read, modify, and delete d...
9.8
CVSSv3
CVE-2024-1207
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara...
Wpbookingcalendar Booking Calendar
9.8
CVSSv3
CVE-2023-38995
An issue in SCHUHFRIED v.8.22.00 allows remote malicious user to obtain the database password via crafted curl command.
Schuhfried Schuhfried
9.8
CVSSv3
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions before 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been pat...
Zope Sqlalchemyda
9.8
CVSSv3
CVE-2023-3211
The WordPress Database Administrator WordPress plugin up to and including 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Dmparekh Wordpress Database Administrator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »