Total
19352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1358 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 5.9 Medium |
| The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | ||||
| CVE-2022-1361 | 1 Cambiumnetworks | 1 Cnmaestro | 2025-04-16 | 7.4 High |
| The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. | ||||
| CVE-2022-2136 | 1 Advantech | 1 Iview | 2025-04-16 | 8.8 High |
| The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | ||||
| CVE-2022-2142 | 1 Advantech | 1 Iview | 2025-04-16 | 8.1 High |
| The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | ||||
| CVE-2022-40967 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-41133 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
| CVE-2022-43447 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43452 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-41775 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2022-43506 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 8.8 High |
| SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network | ||||
| CVE-2024-33146 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 9.1 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. | ||||
| CVE-2024-33164 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | ||||
| CVE-2024-33161 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 5.3 Medium |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | ||||
| CVE-2024-33155 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | ||||
| CVE-2024-33153 | 2 Dromara, J2eefast | 2 J2eefast, J2eefast | 2025-04-16 | 9.8 Critical |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | ||||
| CVE-2024-33149 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 8.1 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | ||||
| CVE-2024-33148 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 7.3 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | ||||
| CVE-2024-33147 | 1 J2eefast | 1 J2eefast | 2025-04-16 | 8.8 High |
| J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | ||||
| CVE-2022-21176 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2025-04-16 | 8.6 High |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information. | ||||