Search Results (37652 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41775 1 Deltaww 1 Diaenergie 2025-04-16 8.8 High
SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-43506 1 Deltaww 1 Diaenergie 2025-04-16 8.8 High
SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
CVE-2022-2002 1 Ge 1 Cimplicity 2025-04-16 7.8 High
GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVE-2022-2952 1 Ge 1 Cimplicity 2025-04-16 7.8 High
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVE-2022-3084 1 Ge 1 Cimplicity 2025-04-16 7.8 High
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.
CVE-2024-33146 1 J2eefast 1 J2eefast 2025-04-16 9.1 Critical
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function.
CVE-2025-24407 1 Adobe 1 Commerce B2b 2025-04-16 7.1 High
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.
CVE-2025-24409 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-04-16 8.2 High
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.
CVE-2024-33164 1 J2eefast 1 J2eefast 2025-04-16 9.8 Critical
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function.
CVE-2024-33161 1 J2eefast 1 J2eefast 2025-04-16 5.3 Medium
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function.
CVE-2024-33155 1 J2eefast 1 J2eefast 2025-04-16 9.8 Critical
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function.
CVE-2024-33153 2 Dromara, J2eefast 2 J2eefast, J2eefast 2025-04-16 9.8 Critical
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.
CVE-2025-24419 1 Adobe 1 Commerce B2b 2025-04-16 4.3 Medium
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
CVE-2024-33149 1 J2eefast 1 J2eefast 2025-04-16 8.1 High
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function.
CVE-2025-24420 1 Adobe 1 Commerce B2b 2025-04-16 4.3 Medium
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
CVE-2024-33148 1 J2eefast 1 J2eefast 2025-04-16 7.3 High
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function.
CVE-2024-33147 1 J2eefast 1 J2eefast 2025-04-16 8.8 High
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function.
CVE-2022-21176 1 Airspan 9 A5x, A5x Firmware, C5c and 6 more 2025-04-16 8.6 High
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.
CVE-2022-21141 1 Airspan 9 A5x, A5x Firmware, C5c and 6 more 2025-04-16 10 Critical
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
CVE-2021-27464 1 Rockwellautomation 1 Factorytalk Assetcentre 2025-04-16 10 Critical
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.