Search Results (37327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36503 1 Native-php-cms Project 1 Native-php-cms 2025-03-27 9.8 Critical
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file.
CVE-2025-24920 1 Mattermost 1 Mattermost Server 2025-03-27 4.3 Medium
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels
CVE-2022-45097 1 Dell 1 Emc Powerscale Onefs 2025-03-27 6.3 Medium
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.
CVE-2024-9574 1 Soplanning 1 Soplanning 2025-03-27 9.8 Critical
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVE-2024-9573 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.
CVE-2025-2625 1 Westboy 1 Cicadascms 2025-03-27 6.3 Medium
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-42913 1 Ruoyi 1 Ruoyi 2025-03-26 5.4 Medium
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
CVE-2023-41014 1 Code-projects 1 Online Job Portal 2025-03-26 9.8 Critical
code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer."
CVE-2024-25227 1 Abocms 1 Abo.cms 2025-03-26 6.5 Medium
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.
CVE-2023-20616 2 Google, Mediatek 45 Android, Mt6580, Mt6735 and 42 more 2025-03-26 6.7 Medium
In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.
CVE-2022-48114 1 Ruoyi 1 Ruoyi 2025-03-26 9.8 Critical
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
CVE-2022-48082 1 Easyone 1 Easyone Crm 2025-03-26 9.8 Critical
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag.
CVE-2022-45589 1 Talend 1 Esb Runtime 2025-03-26 7.2 High
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.
CVE-2023-24029 1 Progress 1 Ws Ftp Server 2025-03-26 7.2 High
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
CVE-2022-47450 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47333 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47332 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47330 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-44421 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 5.5 Medium
In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure.
CVE-2021-37316 1 Asus 2 Rt-ac68u, Rt-ac68u Firmware 2025-03-26 7.5 High
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.