Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35048 | 1 Fidelissecurity | 2 Deception, Network | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | |||||
| CVE-2021-39375 | 1 Philips | 1 Tasy Electronic Medical Record | 2021-09-14 | 6.5 MEDIUM | 8.8 HIGH |
| Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. | |||||
| CVE-2019-7481 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier. | |||||
| CVE-2020-18667 | 1 Webport | 1 Webport | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. | |||||
| CVE-2014-5071 | 1 Microsemi | 2 S350i, S350i Firmware | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. | |||||
| CVE-2015-6028 | 1 Castlerock | 1 Snmpc | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. | |||||
| CVE-2016-3675 | 1 Huawei | 2 Policy Center, Policy Center Firmware | 2021-09-13 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. | |||||
| CVE-2021-38706 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter. | |||||
| CVE-2020-7819 | 2 Microsoft, Ntracker | 2 Windows, Ntracker Usb Enterprise | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. | |||||
| CVE-2020-19853 | 1 Bluecms Project | 1 Bluecms | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. | |||||
| CVE-2017-13137 | 1 Formcrafts | 1 Formcraft | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. | |||||
| CVE-2020-20340 | 1 S-cms | 1 S-cms | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | |||||
| CVE-2021-24303 | 1 Jiangqie | 1 Official Website Mini Program | 2021-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues | |||||
| CVE-2021-24391 | 1 Cashtomer Project | 1 Cashtomer | 2021-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2021-24392 | 1 Swiftcrm | 1 Club-management-software | 2021-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2021-24394 | 1 Easy Testimonial Manager Project | 1 Easy Testimonial Manager | 2021-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection | |||||
| CVE-2021-24393 | 1 Comment Highlighter Project | 1 Comment Highlighter | 2021-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2021-24395 | 1 Geekwebsolution | 1 Embed Youtube Video | 2021-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. | |||||
| CVE-2015-8157 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2021-09-09 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-4351 | 1 Trendmicro | 1 Email Encryption Gateway | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||