Search Results (37331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40477 1 Phpgurukul 1 Old Age Home Management System 2025-03-31 9.8 Critical
A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.
CVE-2024-43286 1 Squirrly 1 Seo Plugin By Squirrly Seo 2025-03-31 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19.
CVE-2024-20417 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2025-03-31 6.5 Medium
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.
CVE-2024-20466 1 Cisco 1 Identity Services Engine 2025-03-31 6.5 Medium
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
CVE-2023-23751 1 Joomla 1 Joomla\! 2025-03-29 4.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2024-28155 1 Jenkins 1 Appspider 2025-03-29 4.3 Medium
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
CVE-2024-25422 1 Sem-cms 1 Semcms 2025-03-29 9.8 Critical
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.
CVE-2024-0043 1 Google 1 Android 2025-03-29 7.8 High
In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-31402 1 Cybozu 1 Garoon 2025-03-28 4.3 Medium
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
CVE-2024-2887 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-28 8.1 High
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2023-52352 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-28 6.2 Medium
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed
CVE-2025-25462 1 Phpgurukul 1 Land Record System 2025-03-28 5.5 Medium
A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVE-2025-28011 1 Phpgurukul 1 User Registration \& Login And User Management System 2025-03-28 6.1 Medium
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
CVE-2025-27103 1 Dataease 1 Dataease 2025-03-28 6.5 Medium
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
CVE-2025-28015 1 Phpgurukul 1 User Registration \& Login And User Management System 2025-03-28 5.3 Medium
A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.
CVE-2025-25389 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVE-2025-25876 1 Angeljudesuarez 1 Simple Chatbox 2025-03-28 7.2 High
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data.
CVE-2025-25875 1 Angeljudesuarez 1 Simple Chatbox 2025-03-28 6.4 Medium
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data.
CVE-2025-25388 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
CVE-2025-25387 1 Phpgurukul 1 Land Record System 2025-03-28 7.2 High
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.