Search Results (37327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36225 1 Westerndigital 2 My Cloud Os, My Cloud Pr4100 2025-03-26 8.8 High
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
CVE-2025-2624 1 Westboy 1 Cicadascms 2025-03-26 6.3 Medium
A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-25014 1 In2code 1 Femanager 2025-03-26 8.6 High
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.
CVE-2021-36433 1 Jocms Project 1 Jocms 2025-03-26 9.1 Critical
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_delete_mask function in jocms/apps/mask/mask.php.
CVE-2021-36432 1 Jocms Project 1 Jocms 2025-03-26 7.5 High
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_set_mask() function in jocms/apps/mask/mask.php.
CVE-2021-36431 1 Jocms Project 1 Jocms 2025-03-26 9.1 Critical
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check() function in jocms/apps/mask/inc/mask.php.
CVE-2021-36484 1 Jizhicms 1 Jizhicms 2025-03-26 9.8 Critical
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page.
CVE-2021-36434 1 Jocms Project 1 Jocms 2025-03-26 9.1 Critical
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jo_json_check function in jocms/apps/mask/inc/getmask.php.
CVE-2023-23948 1 Owncloud 1 Owncloud Client 2025-03-26 6.2 Medium
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
CVE-2022-42909 1 Wepanow 1 Print Away 2025-03-26 6.5 Medium
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don“t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.
CVE-2024-33247 1 Oretnom23 1 Employee Task Management System 2025-03-26 8.8 High
Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php.
CVE-2022-47367 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 4.8 Medium
In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-47325 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 6.4 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47324 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-26 6.4 Medium
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2025-2654 1 Oretnom23 1 Ac Repair And Services System 2025-03-26 7.3 High
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-0678 1 Phpipam 1 Phpipam 2025-03-26 5.3 Medium
Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2022-43665 1 Estsoft 1 Alyac 2025-03-26 5.5 Medium
A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2023-24201 1 Oretnom23 1 Raffle Draw System 2025-03-26 9.8 Critical
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.
CVE-2023-24200 1 Oretnom23 1 Raffle Draw System 2025-03-26 9.8 Critical
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.
CVE-2023-24199 1 Oretnom23 1 Raffle Draw System 2025-03-26 9.8 Critical
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.