CVE Vulnerability Database

Search and browse 42 known security vulnerabilities. Filter by severity, vendor, product, and year.

42 vulnerabilities found
Recent Highest Score Oldest
Severity: Critical × Year: 2024 × Clear all
CVE-2024-7071
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0.

Brainlowcode Brain Low-Code Aug 27, 2024
CVE-2024-7593
9.8 critical

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

Ivanti Virtual Traffic Manager Aug 13, 2024
CVE-2024-6917
9.8 critical

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2.

Veribase Order Management Aug 12, 2024
CVE-2024-6699
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1.

Mikafon Ma7 Firmware Jul 30, 2024
CVE-2024-0857
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue affects FlexWater Corporate Water Management: before 5.452.0.

Uni-Yaz Flexwater Corporate Water Management Jul 18, 2024
CVE-2024-5619
9.6 critical

Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1.

Jul 18, 2024
CVE-2024-5618
9.9 critical

Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1.

Jul 18, 2024
CVE-2024-1107
9.8 critical

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.

Talyabilisim Travel Apps Jun 27, 2024
CVE-2024-0949
9.8 critical

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68.

Jun 27, 2024
CVE-2024-0947
9.8 critical

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb: befor

Jun 27, 2024
CVE-2024-4228
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue

Jun 26, 2024
CVE-2024-5683
9.8 critical

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion. This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.

Jun 24, 2024
CVE-2024-1100
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5.

May 30, 2024
CVE-2024-3375
9.4 critical

Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.

Apr 29, 2024
CVE-2024-30166
9.1 critical

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

Trustedfirmware Mbed Tls Apr 3, 2024
CVE-2024-2865
9.8 critical

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: through 25032024.

Mar 25, 2024
CVE-2024-1202
9.8 critical

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1.  NOTE: The vendor was contacted and it was learned that the product is not supported.

Mar 21, 2024
CVE-2024-27304
9.8 critical

pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The

Jackc Pgproto3 Mar 6, 2024