Search Results (37662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48238 1 Wtcms Project 1 Wtcms 2025-04-17 4.7 Medium
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.
CVE-2024-48936 1 Schedmd 1 Slurm 2025-04-17 5 Medium
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.
CVE-2023-6383 1 Bowo 1 Debug Log Manager 2025-04-17 7.5 High
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
CVE-2023-46906 1 Juzaweb 1 Cms 2025-04-17 4.9 Medium
juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated.
CVE-2023-47219 1 Qnap 1 Qumagie 2025-04-17 3.5 Low
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
CVE-2024-0290 1 Kashipara 1 Food Management System 2025-04-17 6.3 Medium
A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.
CVE-2024-21736 1 Sap 1 S\/4hana Finance 2025-04-17 6.4 Medium
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application.
CVE-2024-25517 1 Ruvar 1 Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.
CVE-2024-25518 1 Ruvar 1 Ruvaroa 2025-04-17 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.
CVE-2024-25519 1 Ruvar 1 Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.
CVE-2024-25520 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.
CVE-2024-25521 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-17 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
CVE-2024-25522 1 Ruvar 1 Ruvaroa 2025-04-17 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.
CVE-2024-25523 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.
CVE-2024-25524 1 Ruvar 1 Ruvaroa 2025-04-17 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.
CVE-2024-25525 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.
CVE-2024-25526 1 Ruvar 1 Ruvaroa 2025-04-17 8.1 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
CVE-2024-25527 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-17 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
CVE-2024-25529 2 Guangzhou Luhua Information Technology, Ruvar 2 Ruvaroa, Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.
CVE-2024-25530 1 Ruvar 1 Ruvaroa 2025-04-17 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.