Search Results (37646 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40617 1 Os4ed 1 Opensis 2025-04-16 9.8 Critical
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
CVE-2020-5504 3 Debian, Phpmyadmin, Suse 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server 2025-04-16 8.8 High
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVE-2019-16693 1 Phpipam 1 Phpipam 2025-04-16 9.8 Critical
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
CVE-2024-40443 1 Oretnom23 1 Computer Laboratory Management System 2025-04-16 4.3 Medium
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php
CVE-2022-43872 2 Ibm, Linux 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more 2025-04-16 5.3 Medium
IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708.
CVE-2025-24436 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-04-16 4.3 Medium
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction.
CVE-2025-24437 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-04-16 5.4 Medium
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction.
CVE-2023-33362 1 Piwigo 1 Piwigo 2025-04-16 9.8 Critical
Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.
CVE-2025-0843 1 Needyamin 1 Library Card System 2025-04-16 7.3 High
A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-3188 1 Dataprobe 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more 2025-04-15 5.3 Medium
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.
CVE-2022-34468 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-15 8.8 High
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
CVE-2022-31742 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-15 6.5 Medium
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2022-21145 1 Lansweeper 1 Lansweeper 2025-04-15 4.8 Medium
A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-21210 1 Lansweeper 1 Lansweeper 2025-04-15 8.8 High
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-21234 1 Lansweeper 1 Lansweeper 2025-04-15 8.8 High
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-22149 1 Lansweeper 1 Lansweeper 2025-04-15 8.8 High
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-21159 1 Mz-automation 1 Libiec61850 2025-04-15 7.5 High
A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this vulnerability.
CVE-2025-3186 1 Projectworlds 1 Online Doctor Appointment Booking System Php And Mysql 2025-04-15 7.3 High
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2020-13567 2 Open-emr, Phpgacl Project 2 Openemr, Phpgacl 2025-04-15 9.8 Critical
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2020-13590 1 Rukovoditel 1 Rukovoditel 2025-04-15 7.2 High
Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.