Search Results (37326 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0771 1 Ampache 1 Ampache 2025-03-24 8.8 High
SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.
CVE-2024-38707 1 Wpdeveloper 1 Embedpress 2025-03-24 6.3 Medium
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.
CVE-2021-25069 1 W3eden 1 Download Manager 2025-03-21 8.8 High
The Download Manager WordPress plugin before 3.2.34 does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
CVE-2023-24084 1 Chikoi Project 1 Chikoi 2025-03-21 9.8 Critical
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.
CVE-2023-22854 1 Mitel 1 Micontact Center Business 2025-03-21 9.1 Critical
The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL parameters. A successful exploit could allow access to sensitive information.
CVE-2022-45962 1 Os4ed 1 Opensis 2025-03-21 6.5 Medium
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
CVE-2022-4546 1 Conceptbeans 1 Mapwiz 2025-03-21 7.2 High
The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVE-2021-25087 1 W3eden 1 Download Manager 2025-03-21 7.5 High
The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).
CVE-2025-24974 1 Dataease 1 Dataease 2025-03-21 6.5 Medium
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
CVE-2025-27138 1 Dataease 1 Dataease 2025-03-21 9.8 Critical
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available.
CVE-2022-34397 1 Dell 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2025-03-21 6.9 Medium
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.
CVE-2024-41767 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-21 7.3 High
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2024-54920 1 Lopalopa 1 E-learning Management System 2025-03-20 9.8 Critical
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
CVE-2024-42573 2 Arajajyothibabu, School Management System Project 2 School Management System, School Management System 2025-03-20 9.8 Critical
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.
CVE-2023-23455 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2025-03-20 5.5 Medium
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2023-23454 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2025-03-20 5.5 Medium
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2023-0133 1 Google 2 Android, Chrome 2025-03-20 6.5 Medium
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-45168 1 Liveboxcloud 1 Vdesk 2025-03-20 6.5 Medium
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP.
CVE-2024-38783 1 Tychesoftwares 2 Acronix Faq, Arconix Faq 2025-03-20 5.3 Medium
Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4.
CVE-2024-38769 1 Tychesoftwares 1 Arconix Shortcodes 2025-03-20 5.3 Medium
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11.