ReportizFlow
Filtered by vendor
Subscriptions
Total
17328 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20351 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921 | ||||
| CVE-2022-20280 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204117261 | ||||
| CVE-2022-1950 | 1 Kainelabs | 1 Youzify | 2024-11-21 | 9.8 Critical |
| The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | ||||
| CVE-2022-1905 | 1 E-dynamics | 1 Events Made Easy | 2024-11-21 | 9.8 Critical |
| The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | ||||
| CVE-2022-1883 | 1 Camptocamp | 1 Terraboard | 2024-11-21 | 8.8 High |
| SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | ||||
| CVE-2022-1800 | 1 Soflyy | 1 Export Any Wordpress Data To Xml\/csv | 2024-11-21 | 7.2 High |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | ||||
| CVE-2022-1731 | 1 Allgeier | 1 Metasonic Doc Webclient | 2024-11-21 | 9.8 Critical |
| Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. | ||||
| CVE-2022-1692 | 1 Dwbooster | 1 Cp Image Store With Slideshow | 2024-11-21 | 9.8 Critical |
| The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack | ||||
| CVE-2022-1691 | 1 Realtyworkstation | 1 Realty Workstation | 2024-11-21 | 4.9 Medium |
| The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection | ||||
| CVE-2022-1690 | 1 Datainterlock | 1 Note Press | 2024-11-21 | 2.7 Low |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection | ||||
| CVE-2022-1689 | 1 Datainterlock | 1 Note Press | 2024-11-21 | 2.7 Low |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection | ||||
| CVE-2022-1688 | 1 Datainterlock | 1 Note Press | 2024-11-21 | 2.7 Low |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections | ||||
| CVE-2022-1687 | 1 Logo Slider Project | 1 Logo Slider | 2024-11-21 | 2.7 Low |
| The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection | ||||
| CVE-2022-1686 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2024-11-21 | 2.7 Low |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection | ||||
| CVE-2022-1685 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2024-11-21 | 4.9 Medium |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection | ||||
| CVE-2022-1684 | 1 Webpsilon | 1 Cube Slider | 2024-11-21 | 2.7 Low |
| The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin | ||||
| CVE-2022-1683 | 1 Amtythumb Project | 1 Amtythumb | 2024-11-21 | 8.8 High |
| The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action | ||||
| CVE-2022-1556 | 1 Era404 | 1 Stafflist | 2024-11-21 | 9.8 Critical |
| The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection | ||||
| CVE-2022-1552 | 2 Postgresql, Redhat | 5 Postgresql, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 8.8 High |
| A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. | ||||
| CVE-2022-1531 | 1 Rtx Project | 1 Rtx | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover. | ||||