Search Results (37384 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-23492 1 Idehweb 1 Login With Phone Number 2025-04-03 8.8 High
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.
CVE-2023-23490 1 Ays-pro 1 Survey Maker 2025-04-03 8.8 High
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.
CVE-2023-23489 1 Sandhillsdev 1 Easy Digital Downloads 2025-04-03 9.8 Critical
The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.
CVE-2023-23488 1 Strangerstudios 1 Paid Memberships Pro 2025-04-03 9.8 Critical
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
CVE-2023-22366 1 Omron 2 Cx-motion-mch, Cx-motion-mch Firmware 2025-04-03 7.8 High
CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Having a user to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
CVE-2023-0242 1 Rapid7 1 Velociraptor 2025-04-03 8.8 High
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. The VQL copy() function applies permission checks for reading files but does not check for permission to write files. This allows a low privilege user (usually, users with the Velociraptor "investigator" role) to overwrite files on the server, including Velociraptor configuration files. To exploit this vulnerability, the attacker must already have a Velociraptor user account at a low privilege level (at least "analyst") and be able to log into the GUI and create a notebook where they can run the VQL query invoking the copy() VQL function. Typically, most users deploy Velociraptor with limited access to a trusted group (most users will be administrators within the GUI). This vulnerability is associated with program files https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go and program routines copy(). This issue affects Velociraptor versions before 0.6.7-5. Version 0.6.7-5, released January 16, 2023, fixes the issue.
CVE-2022-48152 1 Remoteclinic 1 Remote Clinic 2025-04-03 9.8 Critical
SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.
CVE-2022-46887 1 Nexusphp 1 Nexusphp 2025-04-03 9.8 Critical
Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow remote attackers to execute arbitrary SQL commands via the conuser[] parameter in takeconfirm.php; the delcheater parameter in cheaterbox.php; or the usernw parameter in nowarn.php.
CVE-2022-41417 1 Blogengine 1 Blogengine.net 2025-04-03 9.8 Critical
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
CVE-2022-47105 1 Jeecg 1 Jeecg Boot 2025-04-03 9.8 Critical
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData.
CVE-2022-34399 1 Dell 30 Alienware M15 A6, Alienware M15 A6 Firmware, Alienware M15 Ryzen Edition R5 and 27 more 2025-04-03 5.1 Medium
Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.
CVE-2012-10006 1 Sigeprosi Project 1 Sigeprosi 2025-04-03 5.5 Medium
A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability.
CVE-2021-26644 2 Mangboard, Microsoft 2 Mangboard Wp, Windows 2025-04-03 8.8 High
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
CVE-2025-25363 1 Thepluginpeople 1 Enterprise Mail Handler 2025-04-03 6.5 Medium
An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary Javascript in context of a user's browser via injecting a crafted payload into the HTML field of a template.
CVE-2024-55509 1 Codeastro 1 Complaint Management System 2025-04-03 9.8 Critical
SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.
CVE-2024-12890 1 Code-projects 1 Online Exam Mastering System 2025-04-03 6.3 Medium
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12891 1 Code-projects 1 Online Exam Mastering System 2025-04-03 6.3 Medium
A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12926 1 Codezips 1 Project Management System 2025-04-03 6.3 Medium
A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-12928 1 Code-projects 1 Simple Admin Panel 2025-04-03 6.3 Medium
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12929 1 Code-projects 1 Student Management System 2025-04-03 6.3 Medium
A vulnerability has been found in code-projects Student Management System 1.0.00 and classified as critical. This vulnerability affects unknown code of the file /addCatController.php. The manipulation of the argument size leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.