Search Results (37330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-25248 1 Niushop 1 B2b2c Multi-business 2025-03-27 9.8 Critical
SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.
CVE-2023-23331 1 Amano 1 Xoffice 2025-03-27 9.8 Critical
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.
CVE-2022-4205 1 Gitlab 1 Gitlab 2025-03-27 6.3 Medium
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
CVE-2024-28558 1 Mayurik 1 Petrol Pump Management 2025-03-27 8.8 High
SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.
CVE-2024-25217 1 Oretnom23 1 Online Medicine Ordering System 2025-03-27 8.8 High
Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.
CVE-2024-24105 1 Carmelo 1 Computer Science Time Table System 2025-03-27 7.8 High
SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.
CVE-2022-4872 1 Chained Products Project 1 Chained Products 2025-03-27 4.3 Medium
The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'
CVE-2024-5693 2 Mozilla, Redhat 7 Firefox, Thunderbird, Enterprise Linux and 4 more 2025-03-27 6.1 Medium
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2024-2915 1 Devolutions 1 Devolutions Server 2025-03-27 8.8 High
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
CVE-2022-45297 1 Eq Project 1 Eq 2025-03-27 9.8 Critical
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
CVE-2022-45172 1 Liveboxcloud 1 Vdesk 2025-03-27 9.8 Critical
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.
CVE-2022-45435 1 Sailpoint 1 Identityiq 2025-03-27 6.8 Medium
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration.
CVE-2022-27596 1 Qnap 2 Qts, Quts Hero 2025-03-27 9.8 Critical
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later
CVE-2025-2674 1 Phpgurukul 1 Bank Locker Management System 2025-03-27 7.3 High
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-24829 1 Apache 1 Iotdb 2025-03-27 8.8 High
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.
CVE-2025-2383 1 Phpgurukul 1 Doctor Appointment Management System 2025-03-27 7.3 High
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2386 1 Phpgurukul 1 Local Services Search Engine Management System 2025-03-27 7.3 High
A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2681 1 Phpgurukul 1 Bank Locker Management System 2025-03-27 7.3 High
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2682 1 Phpgurukul 1 Bank Locker Management System 2025-03-27 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2683 1 Phpgurukul 1 Bank Locker Management System 2025-03-27 7.3 High
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.