Search Results (362462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9574 | 1 Soplanning | 1 Soplanning | 2025-03-27 | 9.8 Critical |
| SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
| CVE-2024-9573 | 1 Soplanning | 1 Soplanning | 2025-03-27 | 6.3 Medium |
| SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | ||||
| CVE-2024-9572 | 1 Soplanning | 1 Soplanning | 2025-03-27 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details. | ||||
| CVE-2024-9571 | 1 Soplanning | 1 Soplanning | 2025-03-27 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session. | ||||
| CVE-2024-45348 | 1 Mi | 2 Ax9000, Ax9000 Firmware | 2025-03-27 | 6.4 Medium |
| Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. | ||||
| CVE-2025-2720 | | | 2025-03-27 | 3.3 Low |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: According to the code maintainer the call of the POC is invalid because the buffer pointed to by "data" must have "len" valid bytes. The docs were updated to make that clear. | ||||
| CVE-2025-31113 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31112 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31111 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31110 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31109 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31108 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31107 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31106 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-31105 | | | 2025-03-27 | N/A |
| Not used | ||||
| CVE-2025-2625 | 1 Westboy | 1 Cicadascms | 2025-03-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2496 | | | 2025-03-26 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 5.4 Medium |
| RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | ||||
| CVE-2024-21102 | 2 Netapp, Oracle | 7 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 4 more | 2025-03-26 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-44551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-26 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | ||||