Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9574 1 Soplanning 1 Soplanning 2025-03-27 9.8 Critical
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVE-2024-9573 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.
CVE-2024-9572 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.
CVE-2024-9571 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session.
CVE-2024-45348 1 Mi 2 Ax9000, Ax9000 Firmware 2025-03-27 6.4 Medium
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
CVE-2025-2720 2025-03-27 3.3 Low
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear.
CVE-2025-31113 2025-03-27 N/A
Not used
CVE-2025-31112 2025-03-27 N/A
Not used
CVE-2025-31111 2025-03-27 N/A
Not used
CVE-2025-31110 2025-03-27 N/A
Not used
CVE-2025-31109 2025-03-27 N/A
Not used
CVE-2025-31108 2025-03-27 N/A
Not used
CVE-2025-31107 2025-03-27 N/A
Not used
CVE-2025-31106 2025-03-27 N/A
Not used
CVE-2025-31105 2025-03-27 N/A
Not used
CVE-2025-2625 1 Westboy 1 Cicadascms 2025-03-27 6.3 Medium
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2496 2025-03-26 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-42913 1 Ruoyi 1 Ruoyi 2025-03-26 5.4 Medium
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
CVE-2024-21102 2 Netapp, Oracle 7 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 4 more 2025-03-26 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2024-44551 1 Tenda 2 Ax1806, Ax1806 Firmware 2025-03-26 9.8 Critical
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.