SQL injection CVE scores
The function sequelize.



SQL injection CVE scores: PostgreSQL.
EPSS: probability of exploitation activity in the next 30 days; EPSS score history.
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.
order_by SQL injection if order_by is untrusted input from a client of a web application.
This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
A SQL injection vulnerability in the JoomShopping component versions 1.
SQL Injection vulnerability in various API endpoints - offices, dashboards, etc.
Recently published CVEs.
1), affects the PostgreSQL interactive tool psql.
VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which
CVE-2020-7471.
CVE summarizes: A SQL injection vulnerability in Mybatis plus below 3.
CVE-2024-10440 : The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify
A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands.
SQL injection vulnerability in Meshery.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability,
A SQL injection vulnerability in Nagios XI v5.
CVE-2019-18622.
CVE-2023-39361 has a critical severity rating with a CVSS score of 9.
CVE-2025-25991 HooskCMS SQL Injection Vulnerability.
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
laravel-jqgrid vulnerable to SQL Injection.
vanna-ai/vanna version v0.
This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL queries via a Python Flask API.
0 and prior EditEventAttendees.
There is a race condition which can lead sshd to handle some signals in an unsafe manner.
3 is vulnerable to SQL Injection in admin_reslib.
Affected versions of sequelize are vulnerable to SQL Injection.
A high EPSS score indicates an elevated risk to be targeted for this vulnerability.
Blind SQL injection in contactus.
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware.
CVE Dictionary Entry: CVE-2024-39677. NVD Published Date: 07/08/2024. NVD Last Modified: 11/21/2024. Source: GitHub, Inc.
CVE-2015-2090 : SQL injection vulnerability in the ajax_survey function in settings.
CWE - Common Weakness Enumeration.
3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.
Input validation will not always prevent SQL injection, especially if you are required to support free-form text fields that could contain arbitrary characters; parameterized queries (prepared statements) are the primary defence, and validation is defence in depth on top of them.
VMware Avi Load Balancer Blind SQL Injection vulnerability (CVE-2025-22217). Description: VMware AVI Load Balancer contains an unauthenticated blind SQL Injection vulnerability.
2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
Apache Fineract versions 1.
A vulnerability exploitable without a target
CVE-2025-22211 : A SQL injection vulnerability in the JoomShopping component versions 1.
Metrics. CVE Dictionary Entry: CVE-2021-27320. NVD Published Date: 03/24/2021.
Knex.js through 2.
0 allows remote SQL injection.
Exploit prediction scoring system (EPSS) score for CVE-2024-9379.
CWE is classifying the issue as CWE-89.
ObjectToSQLString.
The manipulation of the argument searchdata leads to SQL injection.
Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit.
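The two general points above, that an untrusted order_by value is injectable even though it carries no quotes, and that input validation alone does not stop injection, are easier to see with running code. The following is an added example written for this page, not code from any product or advisory listed here; the users table, the rows, the payloads and the allowlist are all constructed for the demonstration (sqlite3 in memory):

```python
import sqlite3

# Constructed sample schema and rows; not taken from any product named on the page.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (name, email, is_admin) VALUES (?, ?, ?)",
        [("alice", "alice@example.test", 1), ("bob", "bob@example.test", 0)],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # CWE-89: attacker-controlled text is spliced straight into the statement.
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the driver sends the value separately, so it can never
    # change the shape of the statement, whatever characters it contains.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def list_users_ordered_vulnerable(conn: sqlite3.Connection, order_by: str) -> list:
    # Identifiers cannot be bound, so a caller that forwards a client-supplied
    # order_by here has an injection even though no quote is ever needed.
    return conn.execute(f"SELECT id, name FROM users ORDER BY {order_by}").fetchall()


def blind_oracle_via_order_by(conn: sqlite3.Connection, condition: str) -> bool:
    # Attacker's view: row order becomes a yes/no answer to an arbitrary sub-query.
    # With alice=id 1 and bob=id 2, alice comes first iff the condition is true.
    rows = list_users_ordered_vulnerable(conn, f"CASE WHEN ({condition}) THEN id ELSE -id END")
    return rows[0][1] == "alice"


ALLOWED_ORDER = {"id", "name", "email"}  # hypothetical allowlist for this schema


def order_by_is_allowed(order_by: str) -> bool:
    return order_by in ALLOWED_ORDER


def list_users_ordered(conn: sqlite3.Connection, order_by: str, descending: bool = False) -> list:
    # The fix for ORDER BY is an allowlist of column names, not escaping:
    # anything outside the set is rejected outright.
    if not order_by_is_allowed(order_by):
        raise ValueError(f"refusing untrusted order_by: {order_by!r}")
    direction = "DESC" if descending else "ASC"
    return conn.execute(f"SELECT id, name FROM users ORDER BY {order_by} {direction}").fetchall()


def demo() -> tuple:
    # Returns (rows from the vulnerable lookup, rows from the safe lookup)
    # for the classic tautology payload; 2 and 0 respectively.
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed payload
    return len(find_user_vulnerable(conn, payload)), len(find_user_safe(conn, payload))


if __name__ == "__main__":
    conn = make_db()
    print("tautology:", demo())
    print("alice is admin?", blind_oracle_via_order_by(
        conn, "(SELECT is_admin FROM users WHERE name='alice')=1"))
    print("sorted safely:", list_users_ordered(conn, "name", descending=True))
```

The oracle function is the point of the exercise: a validation rule that strips quotes would pass the CASE expression untouched, and the attacker still extracts one bit per request from the order of the returned rows, which is exactly how a blind injection through a sort parameter is exploited in practice.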
0 allows a privileged user with role "admin", "federation", "operations", "portal", or
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and
Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities.
CVE-2025-2221 : The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the 'user_phone' parameter in all versions up to, and includin
CVE-2023-25838.
9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.
Exploit prediction scoring system (EPSS) score for CVE-2017-8917.
CVE-2019-13292 WebERP SQL Injection.
0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
3 for Joomla allows authenticated attackers (administrator)
Exploit prediction scoring system (EPSS) score for CVE-2025-22211.
CVE-2025-22211 JoomShopping SQL Injection.
Because SQL injection typically lets the attacker read, alter and destroy the application's data, it is usually scored with high confidentiality, integrity and availability impact (CVSS C:H/I:H/A:H); an injection that is provably read-only, or that runs under a database account with no write access, may justify lower integrity and availability values.
Exploit prediction scoring system (EPSS) score for CVE-2024-8503.
CVE-2012-2576 : SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5. 2, SolarWinds Storage Profiler before 5. 2, and SolarWi
5 allows QuerySet.
7 for Wordpress allows remote atta
CVE-2021-4262.
A successful attack could allow any data in a remote MySQL database to be read or modified.
References.
CVE-2021-41460 : ECShop 4.
A SQL injection vulnerability exists in some types implementing ILiteralType.
CVE-2020-14295 : A SQL injection issue in color.
References: CVE-2019-14234.
CVE-2023-30944.
17, and Liferay DXP 7.
webapps exploit for PHP platform (Exploit Database).
CVE Dictionary Entry: CVE-2025-22217. NVD Published Date: 01/28/2025. NVD Last Modified: 01/28/2025. Severity and CVSS Scoring.
1 release.
CVE-2023-40931 : A SQL injection vulnerability in Nagios XI from version 5.
Patches are available to remed
Many high-profile data breaches
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.
CVE-2022-27479.
The "Duplicate Post" WordPress plugin up to and including version 1.
$0-$5k: Impacted is confidentiality, integrity, and availability.
Exploit prediction scoring system (EPSS) score for CVE-2021-41460.
"An attacker who can generate a SQL injection via CVE-2025-1094 can then achieve arbitrary code execution
SQL injection in Apache Traffic Control.
CVE-2020-29574 : An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements.
php" component of b2evolution v7.
1 allows authenticated attackers to execute arbitrary SQL comm
4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index.
SQL Injection can typically be exploited to read, modify and delete SQL table data.
CVE-2025-22217 : Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware.
Exploit prediction scoring system (EPSS) score for CVE-2024-2879.
JSONField, and key lookups for django.
These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity.
CVE-2024-42005.
CVE-2022-24815.
Seacms <=13.
SQL Injection in the "evoadm.
CVE-2013-5743 : Multiple SQL injection vulnerabilities in Zabbix 1.
21 - SQL Injection.
Notes: The scenario b
TeamPass 3.
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.
CVEID: CVE-2022-22495. DESCRIPTION: IBM i is vulnerable to SQL injection.
4 is vulnerable to SQL injection in some file-critical functions such as pg_read_file().
1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
A SQL injection vulnerability in the project allows UNION based injections,
CVE Dictionary Entry: CVE-2023-39344. NVD Published Date: 08/04/2023. NVD Last Modified: 11/21/2024. Source: GitHub, Inc.
2 before 3.
Exploit prediction scoring system (EPSS) score for CVE-2021-41746.
This issue affects CM
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.
4, is a SQL injection flaw affecting various API endpoints, including those related to offices and dashboards.
php in Cacti 1.
Exploit prediction scoring system (EPSS) score for CVE-2023-40931.
The attack may be launched remotely.
CVE-2025-22976 DingfanzuCMS SQL Injection.
CVE-2024-9379 : SQL injection in the admin web console of Ivanti CSA before version 5.
0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
Update now to protect against exploits.
php within the EN_tyid parameter.
CVE-2023-1545.
12 allows an admin to inject SQL via the filter parameter.
CVSS scores for CVE-2024-32838: Base Score; Base Severity; CVSS Vector; Exploitability Score; Impact Score; Score Source; First Seen; 9.
The exploit has been disclosed to the public and may be used.
We don't have an EPSS score for this CVE yet. CVSS scores for CVE-2025-2658: Base Score
CVE-2015-7297 : SQL injection vulnerability in Joomla! 3.
The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.
Exploit prediction scoring system (EPSS) score for CVE-2024-6670.
DBMS_CDC_SUBSCRIBE and (2) SYS.
0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.
If poor SQL commands are used to check user names and
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CM Informatics CM News allows SQL Injection.
CVSS Base score: 6.
Django 3.
8), and other security bugs.
0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
This issue affects Lockcell: before
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.
With this, attackers can also create and read arbitrary files on the Expedition system.
0, indicating its severity and potential impact on affected systems.
CVE-2015-7346 : SQL injection vulnerability in ZCMS 1.
Users are recommended to upgrade to version 1.
Rated critical with a CVSS score of 9.
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.
4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors,
Exploit prediction scoring system (EPSS) score for CVE-2015-7297.
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
The following table lists the changes that have been made to the CVE-2025-25516 vulnerability over time.
CVE-2024-45387.
CVE-2010-0610 : Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands.
CVE-2019-10752.
phpMyAdmin SQL Injection. High severity. GitHub Reviewed. Published May 24, 2022 to the GitHub Advisory Database. Updated Apr 24, 2024.
CVE-2025-1132 : A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.
Moodle SQL Injection vulnerability.
php component.
HStoreField, were subject to SQL injection.
CVE-2023-46575.
9 is vulnerable to SQL Injection.
Exploit prediction scoring system (EPSS) score for CVE-2015-7346.
References: CVE-2024-8503 : An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records.
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.
A SQL injection vulnerability in Nagios XI 5.
9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter.
Zimbra has patched CVE-2025-25064, a critical SQL injection flaw (CVSS 9.
Exploit prediction scoring system (EPSS) score for CVE-2013-5743.
SQL Injection vulnerability in dingfanzuCMS v.
Exploit prediction scoring system (EPSS) score for CVE-2025-2221.
0 due to insufficie
SQL injection in apache-superset.
A vulnerability in the MySQL Server database could allow a remote, authenticated user to inject SQL code that MySQL replication functionality would run with high privileges.
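Several entries above (the WPCOM 'user_phone' parameter, ChurchCRM, VICIdial) describe time-based blind SQL injection, where the attacker learns nothing from the response body and instead measures how long the request takes. That gives a defender two signals to correlate: the delay function in the request and an anomalous response time. The block below is an added example, not code from any of those projects; the access-log lines are constructed for it (combined log format with a trailing request time in milliseconds, a common nginx customisation), and the hosts, paths and parameter values are made up.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines; the trailing integer is the request time in milliseconds.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET /members.php?user_phone=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 "-" "curl/8.4.0" 5012
203.0.113.7 - - [12/Mar/2025:10:01:09 +0000] "GET /members.php?user_phone=1%27%20AND%20SLEEP(0)--%20 HTTP/1.1" 200 512 "-" "curl/8.4.0" 31
198.51.100.4 - - [12/Mar/2025:10:02:11 +0000] "GET /members.php?user_phone=5551234 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 28
203.0.113.9 - - [12/Mar/2025:10:03:15 +0000] "GET /search?q=1%3Bselect%20pg_sleep(10)-- HTTP/1.1" 500 0 "-" "python-requests/2.31.0" 10004
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>\d+)$'
)

# Delay primitives of the common engines. Kept deliberately narrow so every
# hit is explainable; this is a hunting rule, not a WAF.
TIME_BASED = re.compile(
    r"\b(?:sleep\s*\(\s*\d+\s*\)"          # MySQL/MariaDB SLEEP(n)
    r"|benchmark\s*\(\s*\d+\s*,"           # MySQL BENCHMARK(n, expr)
    r"|pg_sleep\s*\(\s*\d+"                # PostgreSQL pg_sleep(n)
    r"|waitfor\s+delay\s+'[\d:.]+'"        # MSSQL WAITFOR DELAY '0:0:5'
    r"|dbms_lock\.sleep\s*\(\s*\d+"        # Oracle DBMS_LOCK.SLEEP(n)
    r"|randomblob\s*\(\s*\d{6,}\s*\))",    # SQLite CPU burn via huge blobs
    re.IGNORECASE,
)
# Seconds requested, for the primitives where the first argument is seconds.
DELAY_RE = re.compile(r"(?:sleep|pg_sleep)\s*\(\s*(\d+)", re.IGNORECASE)


def analyze(lines) -> list:
    """Return one record per request whose decoded path carries a delay primitive.

    'confirmed' is set when the server really stalled for at least the requested
    delay, which separates a working injection from a probe the database ignored.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        path = unquote_plus(m["path"])  # decode before matching, payloads are encoded
        sig = TIME_BASED.search(path)
        if not sig:
            continue
        delay = DELAY_RE.search(sig.group(0))
        delay_s = int(delay.group(1)) if delay else None
        rt_ms = int(m["rt"])
        hits.append({
            "ip": m["ip"],
            "path": path,
            "signature": sig.group(0),
            "response_ms": rt_ms,
            "delay_s": delay_s,
            "confirmed": bool(delay_s) and rt_ms >= delay_s * 1000,
        })
    return hits


if __name__ == "__main__":
    for h in analyze(SAMPLE_LOG.splitlines()):
        flag = "CONFIRMED" if h["confirmed"] else "probe"
        print(f'{h["ip"]} {flag} {h["signature"]} rt={h["response_ms"]}ms {h["path"]}')
```

The second sample line is why the timing check matters: SLEEP(0) is the attacker's baseline request, and it looks identical to the real one unless response time is part of the rule. Alert on the confirmed records, but keep the probes, because the baseline/payload pair from one source address is itself a strong indicator of a tool such as sqlmap at work.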
MySQL Stored SQL Injection (CVE-2013-0375).
SQL Injection in GitHub repository pimcore/pimcore prior to 10.
The following table lists the changes that have been made to the CVE-2025-25517 vulnerability over time.
In many cases it is also possible to exploit features
This CVE record has been updated after NVD enrichment efforts were completed.
Exploit prediction scoring system (EPSS) score for CVE-2020-14295.
Exploit prediction scoring system (EPSS) score for CVE-2012-2576.
9, this vulnerability exposes Zabbix instances to potential compromise, making it essential for users to take immediate action.
The vulnerability is classified under CWE-89 and has a CVSS score of 10.
CVE-2023-3673.
On Jan 22, 2022, a high severity SQL Injection vulnerability was reported in Casdoor which affected versions before 1.
3 before update 6, and 7.
Exploit prediction scoring system (EPSS) score for CVE-2020-29574.
and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Learn about the critical SQL injection flaw (CVE-2024-42327) with a CVSS score of 9.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.
A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
This vulnerability has been fixed in version 2.
1, which fixes this issue.
CVE-2017-8917 : SQL injection vulnerability in Joomla! 3.
Exploit prediction scoring system (EPSS) score for CVE-2024-10440.
4 due to insufficient sanitization of a user-supplied parameter.
By default, VICIdial stor
A SQL Injection issue was discovered in webERP 4.
Exploit prediction scoring system (EPSS) score for CVE-2025-22217.
SQL Injection when creating an application with Reactive SQL backend.
Exploit prediction scoring system (EPSS) score for CVE-2018-6330.
In SpringBlade V3.
11 and 7.
1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
The manipulation with an unknown input leads to a SQL injection vulnerability.
As the official security advisory warns, "
CVE-2024-9194: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.
php" shopId module.
Exploit prediction scoring system (EPSS) score for CVE-2015-2090.
Exploit prediction scoring system (EPSS) score for CVE-2024-48307.
Zabbix, a popular open-source IT infrastructure monitoring tool used by organizations worldwide, has been found to contain a critical SQL injection vulnerability (CVE-2024-42327) with a CVSS score of 9.
CVE-2021-41746 : SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.
3 is vulnerable to SQL Injection in admin_paylog.
0 before 2024.
including those with the default "User" role.
may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to
Zabbix, a widely used open-source monitoring solution, recently disclosed a severe SQL injection vulnerability identified as CVE-2024-42327.
2 allows a remote authenticated attacker with admin privileges to run arbitrar
1 allows a remote attacker to obtain sensitive information via the /install/index.
0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted p
Exploit prediction scoring system (EPSS) score for CVE-2025-1132.
1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
This issue affects Octopus Server: from 2024.
PEEL Shopping version 9.
By manipulating specific API calls, attackers can inject malicious
Cacti, a widely used operational monitoring tool, is vulnerable to a SQL injection flaw that may allow an attacker to perform code execution on successful exploitation.
1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
CVE-2024-45876; CVE-2024-45875.
SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely.
CVE-2021-35042.
php in Doctor Appointment System 1.
Upon a successful SQL injection attack,
There is SQL injection vulnerability in Esri ArcGIS
High severity. Unreviewed. Published Oct 11, 2023 to the GitHub Advisory Database. Updated Apr 11, 2024. CVE-2023-50578.
Exploit prediction scoring system (EPSS) score for CVE-2025-0455.
Known Attack Vectors:
CVE-2025-0455 : The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands t
Learn about CVE-2024-12909, a critical SQL injection vulnerability in LlamaIndex that can lead to remote code execution.
An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
SQL Injection vulnerability in hooskcms v.
CVE-2024-6670 : In WhatsUp Gold versions released before 2024.
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys.
json()
CVE-2024-32838 : SQL Injection vulnerability in various API endpoints - offices, dashboards, etc.
1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.
php in the WordPress Survey and Poll plugin 1.
CVE-2025-0103 : An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents,
Exploit prediction scoring system (EPSS) score for CVE-2025-0103.
The vulnerability, classified as "important" with a CVSSv4 score of 9.
This vulnerability is only exploitable when chained with other attacks.
This vulnerability impacts SMA100 build version 10.
CVE-2024-2879 : The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.
A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
CVSS scores for CVE-2010-0610: Base Score; Base Severity; CVSS Vector; Exploitability Score; Impact Score; Score Source; First Seen; 7.
via the orgcode parameter in changepswd.
Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could
SQL Injection vulnerability in Koha Library Software 23.
Mingsoft MCMS v5.
Exploit prediction scoring system (EPSS) score for CVE-2025-2658.
9rc1, and 2.