Search Results (37657 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-57657 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57658 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2023-42235 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
CVE-2023-42236 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
CVE-2023-42237 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
CVE-2023-42238 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
CVE-2023-42239 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
CVE-2023-42240 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
CVE-2023-42241 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
CVE-2023-42242 1 Seling 1 Visual Access Manager 2025-04-17 3.8 Low
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
CVE-2023-42243 1 Seling 1 Visual Access Manager 2025-04-17 5.4 Medium
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVE-2023-42244 1 Seling 1 Visual Access Manager 2025-04-17 8.8 High
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
CVE-2024-20010 2 Google, Mediatek 58 Android, Mt6580, Mt6731 and 55 more 2025-04-17 6.7 Medium
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.
CVE-2022-26423 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2022-1070 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2022-1066 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2021-32960 1 Rockwellautomation 1 Factorytalk Services Platform 2025-04-17 8.5 High
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.
CVE-2024-0363 1 Phpgurukul 1 Hospital Management System 2025-04-17 5.5 Medium
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.
CVE-2025-24421 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-04-17 4.3 Medium
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction
CVE-2022-41962 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 2.7 Low
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.