Every CVE whose affected-product data names Ruvar Ruvaroa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2024-25519 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.
CVE-2024-25520 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.as…
CVE-2024-25532 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.
CVE-2024-25531 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.a…
CVE-2024-25523 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.
CVE-2024-25510 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.a…
CVE-2024-25525 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload…
CVE-2024-25529 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_s…
CVE-2024-25530 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condictio…
CVE-2024-25517 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.
CVE-2024-25508 — CVSS 9.8 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.a…
CVE-2024-25533 — CVSS 9.4 (critical): Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This…
CVE-2024-25509 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at…
CVE-2024-25511 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.as…
CVE-2024-25514 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_ch…
CVE-2024-25518 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_a…
CVE-2024-25521 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
CVE-2024-25522 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at…
CVE-2024-25524 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at…
CVE-2024-25527 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_s…
CVE-2024-25507 — CVSS 9.4 (critical): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at…
CVE-2024-25526 — CVSS 8.1 (high): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc…
CVE-2024-25512 — CVSS 8.1 (high): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.as…
CVE-2024-25513 — CVSS 7.8 (high): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_down…
CVE-2024-25515 — CVSS 7.3 (high): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at…
CVE-2024-25528 — CVSS 5.9 (medium): RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_s…