Search Results (37327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46285 2 Redhat, X.org 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-03-25 7.5 High
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
CVE-2022-45526 1 Institutional Management Website Project 1 Institutional Management Website 2025-03-25 9.8 Critical
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.
CVE-2024-3039 2 Shanghai Brad Technology Bladex Project, Shanghi Brad Technology 2 Shanghai Brad Technology Bladex, Bladex 2025-03-25 6.3 Medium
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3085 1 Phpgurukul 1 Emergency Ambulance Hiring Portal 2025-03-25 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability.
CVE-2024-7266 1 Nask 1 Ezd Rp 2025-03-25 4.3 Medium
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other organizations. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
CVE-2024-3552 1 Salephpscripts 1 Web Directory Free 2025-03-25 9.8 Critical
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
CVE-2023-52538 1 Huawei 2 Emui, Harmonyos 2025-03-25 9.1 Critical
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-48302 1 Huawei 2 Emui, Harmonyos 2025-03-24 7.5 High
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2023-21422 1 Samsung 1 Android 2025-03-24 5.7 Medium
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
CVE-2023-21423 1 Samsung 1 Android 2025-03-24 5.1 Medium
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
CVE-2023-21424 1 Samsung 1 Android 2025-03-24 5.1 Medium
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
CVE-2023-24685 1 Churchcrm 1 Churchcrm 2025-03-24 7.2 High
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
CVE-2023-24684 1 Churchcrm 1 Churchcrm 2025-03-24 7.2 High
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
CVE-2023-21450 1 Samsung 1 One Hand Operation \+ 2025-03-24 2.3 Low
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting.
CVE-2023-21440 1 Samsung 1 Android 2025-03-24 6.2 Medium
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
CVE-2023-0758 1 Jfinaloa Project 1 Jfinaloa 2025-03-24 6.3 Medium
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability.
CVE-2022-25734 1 Qualcomm 70 Ar8031, Ar8031 Firmware, Csra6620 and 67 more 2025-03-24 7.5 High
Denial of service in modem due to missing null check while processing IP packets with padding
CVE-2024-57031 1 Wegia 1 Wegia 2025-03-24 9.8 Critical
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.
CVE-2019-15839 1 Sinaextra 1 Sina Extension For Elementor 2025-03-24 N/A
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.
CVE-2025-2684 1 Phpgurukul 1 Bank Locker Management System 2025-03-24 7.3 High
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.