Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-6670
CRITICAL CVSS 9.8 KEV
Find Similar
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVE-2024-6671
CRITICAL CVSS 9.8
Find Similar
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encr
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's passwo
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege esca
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escala
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalati
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalat
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup.
CVE-2024-46909
CRITICAL CVSS 9.8
Find Similar
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWAR
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure.
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can s
CVE-2025-65133
CRITICAL CVSS 9.8
Find Similar
A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affect
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parame
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id pa
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountByID function due to improper neutralization of special elements in a SQL SELECT command.
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special eleme
Page 1+ Next →