Export limit exceeded: 334461 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334461 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33966 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter. | ||||
| CVE-2023-5000 | 1 Gopiplus | 1 Horizontal Scrolling Announcement | 2024-08-08 | 8.8 High |
| The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin's 'hsas-shortcode' shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-41309 | 2 Enjay, Enjayworld | 2 Crm, Enjay Crm | 2024-08-08 | 8.4 High |
| An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | ||||
| CVE-2024-34480 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-08-08 | 9.8 Critical |
| SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. | ||||
| CVE-2024-7561 | 1 Shahriar0822 | 1 The Next | 2024-08-08 | 8.8 High |
| The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2024-5963 | 1 Hitachi | 1 Device Manager | 2024-08-08 | 6.7 Medium |
| Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. | ||||
| CVE-2024-33962 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter. | ||||
| CVE-2024-33964 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter. | ||||
| CVE-2024-33963 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter. | ||||
| CVE-2024-33961 | 1 Janobe | 6 Credit Card, Debit Card Payment, Janobe Credit Card and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter. | ||||
| CVE-2024-33965 | 1 Janobe | 8 Credit Card, Debit Card Payment, Janobe Credit Card and 5 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter. | ||||
| CVE-2024-33967 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter. | ||||
| CVE-2024-33968 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter. | ||||
| CVE-2024-33969 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter. | ||||
| CVE-2024-33971 | 1 Janobe | 5 Credit Card, Debit Card Payment, Paypal and 2 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter. | ||||
| CVE-2024-33972 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter. | ||||
| CVE-2024-33973 | 1 Janobe | 6 Credit Card, Debit Card Payment, Paypal and 3 more | 2024-08-08 | 9.8 Critical |
| SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter. | ||||
| CVE-2024-41242 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 5.5 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | ||||
| CVE-2024-41245 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | ||||
| CVE-2024-41244 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. | ||||