Search Results (37325 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-57162 1 Campcodes 1 Cybercafe Management System 2025-03-19 7.2 High
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.
CVE-2024-47487 1 Hikvision 1 Hikcentral Professional 2025-03-19 8.8 High
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries.
CVE-2024-30163 1 Invisioncommunity 1 Invisioncommunity 2025-03-19 9.8 Critical
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
CVE-2023-25768 1 Jenkins 1 Azure Credentials 2025-03-19 6.5 Medium
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
CVE-2023-25766 1 Jenkins 1 Azure Credentials 2025-03-19 4.3 Medium
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2021-32441 1 Exponentcms 1 Exponent Cms 2025-03-19 7.5 High
SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.
CVE-2023-7020 1 Tongda2000 1 Office Anywhere 2025-03-19 6.3 Medium
A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMP_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248567. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7023 1 Tongda2000 1 Office Anywhere 2025-03-19 6.3 Medium
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-7180 1 Tongda2000 1 Office Anywhere 2025-03-19 5.5 Medium
A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-23854 1 Sap 1 Netweaver Application Server Abap 2025-03-19 3.8 Low
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2024-29172 1 Dell 1 Bsafe Ssl-j 2025-03-19 5.9 Medium
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.
CVE-2024-57032 1 Wegia 1 Wegia 2025-03-19 9.8 Critical
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field.
CVE-2023-24485 1 Citrix 1 Workspace 2025-03-19 7.8 High
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
CVE-2020-29168 1 Online Doctor Appointment Booking System Php And Mysql Project 1 Online Doctor Appointment Booking System Php And Mysql 2025-03-19 9.8 Critical
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
CVE-2024-25320 1 Tongda2000 2 Office Anywhere, Office Anywhere 2017 2025-03-19 9.8 Critical
Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.
CVE-2024-40393 1 Angeljudesuarez 1 Online Clinic Management System 2025-03-18 9.8 Critical
Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.
CVE-2023-31084 5 Debian, Fedoraproject, Linux and 2 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2025-03-18 5.5 Medium
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.
CVE-2023-23850 1 Jenkins 1 Synopsys Coverity 2025-03-18 4.3 Medium
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-23848 1 Jenkins 1 Synopsys Coverity 2025-03-18 4.3 Medium
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2023-23064 1 Totolink 2 A720r, A720r Firmware 2025-03-18 9.8 Critical
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.