Search Results (37326 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24524 1 Sap 1 S\/4hana 2025-03-20 6.5 Medium
SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.
CVE-2023-24528 1 Sap 1 Fiori 2025-03-20 6.5 Medium
SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.
CVE-2023-24561 1 Siemens 1 Solid Edge Se2023 2025-03-20 7.8 High
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2023-24562 1 Siemens 1 Solid Edge Se2023 2025-03-20 7.8 High
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2023-24563 1 Siemens 1 Solid Edge Se2023 2025-03-20 7.8 High
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2024-31506 2 Online Graduate Tracer System Project, Tamparongj03 2 Online Graduate Tracer System, Online Graduate Tracer System 2025-03-20 4.9 Medium
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "id" parameter in admin/admin_cs.php.
CVE-2023-0019 1 Sap 1 Grc Process Control 2025-03-20 6.5 Medium
In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.
CVE-2022-41216 1 Hybridsoftware 1 Cloudflow 2025-03-20 8.3 High
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.
CVE-2024-22298 1 Tms-outsource 1 Amelia 2025-03-20 5.3 Medium
Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.
CVE-2021-38239 1 Dataease 1 Dataease 2025-03-20 7.5 High
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.
CVE-2021-34117 1 Seopanel 1 Seo Panel 2025-03-20 7.5 High
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.
CVE-2021-33925 1 Cms-corephp Project 1 Cms-corephp 2025-03-20 9.8 Critical
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.
CVE-2020-21120 1 Uqcms 1 Uqcms 2025-03-20 9.8 Critical
SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.
CVE-2020-21119 1 Kliqqi 1 Kliqqi Cms 2025-03-20 9.8 Critical
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.
CVE-2023-24978 1 Siemens 1 Tecnomatix Plant Simulation 2025-03-20 7.8 High
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788)
CVE-2024-34799 1 Reputeinfosystems 1 Bookingpress 2025-03-20 6.5 Medium
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.
CVE-2024-36265 1 Apache 1 Submarine 2025-03-19 9.8 Critical
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-23459 2 Microsoft, Priority-software 2 Windows, Priority 2025-03-19 9.1 Critical
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
CVE-2022-38868 1 Ehoney Project 1 Ehoney 2025-03-19 7.2 High
SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.
CVE-2024-43331 1 Veronalabs 1 Wp Sms 2025-03-19 5.3 Medium
Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3.