Search Results (37409 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-44439 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44438 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44436 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44434 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44424 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44423 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44422 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-39104 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.
CVE-2022-39088 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39087 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39086 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39085 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2025-30364 1 Wegia 1 Wegia 2025-04-10 9.8 Critical
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromise the confidentiality, integrity, and availability of stored data. Version 3.2.8 fixes the issue.
CVE-2025-30365 1 Wegia 1 Wegia 2025-04-10 9.8 Critical
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.2.8 fixes the issue.
CVE-2021-29099 1 Esri 1 Arcgis Server 2025-04-10 5.3 Medium
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.
CVE-2022-44435 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2021-29113 1 Esri 1 Arcgis Server 2025-04-10 4.7 Medium
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.
CVE-2021-29114 1 Esri 1 Arcgis Server 2025-04-10 9.8 Critical
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
CVE-2022-38210 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
CVE-2025-30367 1 Wegia 1 Wegia 2025-04-10 9.8 Critical
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.2.6 contains a fix for the issue.