Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (17660 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-35630 2024-11-21 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.This issue affects WP TripAdvisor Review Slider: from n/a through 12.6.
CVE-2024-34994 2024-11-21 9.8 Critical
In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`.
CVE-2024-34993 2024-11-21 6.3 Medium
In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via`GenerateCategories::renderCategories().
CVE-2024-34992 2024-11-21 8.8 High
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets()'
CVE-2024-34989 2024-11-21 9.8 Critical
In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'
CVE-2024-34988 2024-11-21 9.8 Critical
SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().`
CVE-2024-34534 2024-11-21 7.3 High
A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model.
CVE-2024-34533 2024-11-21 7.3 High
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute.
CVE-2024-34532 2024-11-21 9.8 Critical
A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query.
CVE-2024-34412 2024-11-21 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1.
CVE-2024-34386 2024-11-21 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1.
CVE-2024-33787 2024-11-21 8.2 High
Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx.
CVE-2024-33292 1 Realisation 1 Mgsd 2024-11-21 8.2 High
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter.
CVE-2024-33276 1 Prestashop 1 Prestashop 2024-11-21 9.8 Critical
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes() method.
CVE-2024-33275 1 Webbax 1 Supernewsletter 2024-11-21 9.8 Critical
SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.
CVE-2024-33273 2024-11-21 9.8 Critical
SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.
CVE-2024-33272 1 Prestashop 1 Prestashop 2024-11-21 6.8 Medium
SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent(), and AutosuggestSearchModuleFrontController::getKbProducts() components.
CVE-2024-33269 1 Communitydeveloper 1 Prestaddons Flashsales 2024-11-21 9.8 Critical
SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method.
CVE-2024-33268 1 Prestashopmodules 1 Mdgiftproduct 2024-11-21 9.8 Critical
SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method.
CVE-2024-33267 1 Htc 1 Hero 2024-11-21 9.8 Critical
SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function.