Export limit exceeded: 18899 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18899 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47219 | 1 Qnap | 1 Qumagie | 2025-04-17 | 3.5 Low |
| A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | ||||
| CVE-2024-0290 | 1 Kashipara | 1 Food Management System | 2025-04-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851. | ||||
| CVE-2024-25517 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | ||||
| CVE-2024-25518 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | ||||
| CVE-2024-25519 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | ||||
| CVE-2024-25520 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | ||||
| CVE-2024-25521 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-17 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | ||||
| CVE-2024-25522 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | ||||
| CVE-2024-25523 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | ||||
| CVE-2024-25524 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | ||||
| CVE-2024-25525 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | ||||
| CVE-2024-25526 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 8.1 High |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | ||||
| CVE-2024-25527 | 1 Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-17 | 9.4 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | ||||
| CVE-2024-25529 | 2 Guangzhou Luhua Information Technology, Ruvar | 2 Ruvaroa, Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | ||||
| CVE-2024-25530 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | ||||
| CVE-2024-25531 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | ||||
| CVE-2024-25528 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 5.9 Medium |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | ||||
| CVE-2024-25532 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.8 Critical |
| RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | ||||
| CVE-2024-25533 | 1 Ruvar | 1 Ruvaroa | 2025-04-17 | 9.4 Critical |
| Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | ||||
| CVE-2024-0355 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-04-17 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. | ||||