Search Results (37654 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-23490 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 4.3 Medium
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
CVE-2022-23488 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 6.5 Medium
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds.
CVE-2022-46076 1 Dlink 4 Dir-869, Dir-869 Firmware, Dir-869ax and 1 more 2025-04-17 7.5 High
D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi.
CVE-2022-3961 1 Wpwax 1 Directorist 2025-04-17 6.5 Medium
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
CVE-2025-21613 2 Go-git Project, Redhat 9 Go-git, Advanced Cluster Security, Enterprise Linux and 6 more 2025-04-17 9.8 Critical
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.
CVE-2024-12936 1 Code-projects 1 Simple Admin Panel 2025-04-17 6.3 Medium
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12946 1 1000projects 1 Attendance Tracking Management System 2025-04-17 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12927 1 1000projects 1 Attendance Tracking Management System 2025-04-17 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12935 1 Code-projects 1 Simple Admin Panel 2025-04-17 6.3 Medium
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-46374 2 Best House Rental Management System, Mayurik 2 Best House Rental Management System, Best House Rental Management System 2025-04-16 9.8 Critical
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.
CVE-2024-25507 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-16 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.
CVE-2024-25508 2 Guangzhou Luhua Information Technology, Ruvar 2 Ruvaroa, Ruvaroa 2025-04-16 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.
CVE-2024-25512 1 Ruvar 1 Ruvaroa 2025-04-16 8.1 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.
CVE-2024-25509 1 Ruvar 1 Ruvaroa 2025-04-16 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.
CVE-2024-25510 2 Guangzhou Luhua Information Technology, Ruvar 2 Ruvaroa, Ruvaroa 2025-04-16 9.8 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.
CVE-2024-25511 1 Ruvar 2 Ruvaroa, Ruvaroa 2025-04-16 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.
CVE-2024-25513 1 Ruvar 1 Ruvaroa 2025-04-16 7.8 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.
CVE-2024-25514 1 Ruvar 1 Ruvaroa 2025-04-16 9.4 Critical
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.
CVE-2024-25515 1 Ruvar 1 Ruvaroa 2025-04-16 7.3 High
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.
CVE-2025-23053 1 Arubanetworks 1 Fabric Composer 2025-04-16 6.5 Medium
A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system.