Search Results (37653 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-33444 1 Onethink 1 Onethink 2025-04-16 9.8 Critical
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.
CVE-2023-49982 2 Oretnom23, Sourcecodester 2 School Fees Management System, School Fees Management System 2025-04-16 8.8 High
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.
CVE-2024-2587 1 Amss\+\+ Project 1 Amss\+\+ 2025-04-16 8.2 High
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVE-2024-2588 1 Amss\+\+ Project 1 Amss\+\+ 2025-04-16 8.2 High
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
CVE-2021-43938 1 Smartptt 1 Scada Server 2025-04-16 8.1 High
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization.
CVE-2022-1358 1 Cambiumnetworks 1 Cnmaestro 2025-04-16 5.9 Medium
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database.
CVE-2022-1361 1 Cambiumnetworks 1 Cnmaestro 2025-04-16 7.4 High
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices.
CVE-2021-32965 1 Deltaww 1 Diascreen 2025-04-16 7.8 High
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.
CVE-2022-28690 1 Hornerautomation 1 Cscape 2025-04-16 7.8 High
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.
CVE-2022-29488 1 Hornerautomation 1 Cscape 2025-04-16 7.8 High
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.
CVE-2022-30540 1 Hornerautomation 1 Cscape 2025-04-16 7.8 High
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code
CVE-2022-2136 1 Advantech 1 Iview 2025-04-16 8.8 High
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-2142 1 Advantech 1 Iview 2025-04-16 8.1 High
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
CVE-2022-2894 1 Measuresoft 1 Scadapro Server 2025-04-16 7.8 High
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.
CVE-2022-40967 1 Deltaww 1 Diaenergie 2025-04-16 8.8 High
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVE-2022-41773 1 Deltaww 1 Diaenergie 2025-04-16 8.8 High
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVE-2022-41133 1 Deltaww 1 Diaenergie 2025-04-16 8.8 High
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries.
CVE-2022-3378 1 Hornerautomation 1 Cscape 2025-04-16 7.8 High
Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
CVE-2022-3377 1 Hornerautomation 1 Cscape 2025-04-16 7.8 High
Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.
CVE-2022-43447 1 Deltaww 1 Diaenergie 2025-04-16 8.8 High
SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network