Search Results (37320 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24219 1 Luckyframe 1 Luckyframeweb 2025-03-18 9.8 Critical
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml.
CVE-2023-23279 1 Canteen Management System Project 1 Canteen Management System 2025-03-18 9.8 Critical
Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php.
CVE-2023-23007 1 Ecisp 1 Espcms 2025-03-18 7.2 High
An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.
CVE-2022-40347 1 Intern Record System Project 1 Intern Record System 2025-03-18 9.8 Critical
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.
CVE-2022-40032 1 Simple Task Managing System Project 1 Simple Task Managing System 2025-03-18 9.8 Critical
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
CVE-2022-32933 2 Apple, Redhat 3 Macos, Enterprise Linux, Rhel Els 2025-03-18 5.3 Medium
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
CVE-2024-31813 1 Totolink 2 Ex200, Ex200 Firmware 2025-03-18 8.4 High
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
CVE-2024-0709 1 Coolplugins 1 Cryptocurrency Widgets 2025-03-18 9.8 Critical
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-54929 1 Lopalopa 1 E-learning Management System 2025-03-18 7.2 High
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
CVE-2025-21527 1 Oracle 1 Jd Edwards Enterpriseone Tools 2025-03-17 6.1 Medium
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2025-21517 1 Oracle 1 Jd Edwards Enterpriseone Tools 2025-03-17 4.3 Medium
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVE-2025-21514 1 Oracle 1 Jd Edwards Enterpriseone Tools 2025-03-17 5.3 Medium
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2024-25896 1 Churchcrm 1 Churchcrm 2025-03-17 5.3 Medium
ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter.
CVE-2024-25894 1 Churchcrm 1 Churchcrm 2025-03-17 9.8 Critical
ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.
CVE-2024-25893 1 Churchcrm 1 Churchcrm 2025-03-17 9.1 Critical
ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
CVE-2024-25892 1 Churchcrm 1 Churchcrm 2025-03-17 8.1 High
ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter.
CVE-2023-26093 1 Puzzle 1 Liima 2025-03-17 9.8 Critical
Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.
CVE-2023-21015 1 Google 1 Android 2025-03-17 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569778
CVE-2023-0952 1 Devolutions 1 Devolutions Server 2025-03-17 6.5 Medium
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization.
CVE-2024-25891 1 Churchcrm 1 Churchcrm 2025-03-17 7.5 High
ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.