Search Results (37319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-21083 1 Oracle 1 Bi Publisher 2025-03-17 7.2 High
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2024-21010 1 Oracle 1 Hospitality Simphony 2025-03-17 9.9 Critical
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2024-7265 2 Nask, Nask-pib 2 Ezd Rp, Ezd Rp 2025-03-17 8.8 High
Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
CVE-2024-10153 1 Phpgurukul 1 Boat Booking System 2025-03-16 6.3 Medium
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-45506 1 Haproxy 1 Haproxy 2025-03-14 7.5 High
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
CVE-2024-22280 1 Vmware 2 Aria Automation, Cloud Foundation 2025-03-14 8.5 High
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
CVE-2022-45677 1 Tuition Management System Project 1 Tuition Management System 2025-03-14 9.8 Critical
SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php.
CVE-2020-16297 4 Artifex, Canonical, Debian and 1 more 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more 2025-03-14 5.5 Medium
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2024-57034 1 Wegia 1 Wegia 2025-03-14 9.8 Critical
WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.
CVE-2025-25513 1 Seacms 1 Seacms 2025-03-14 9.8 Critical
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVE-2024-0780 2 Mediabeta, Mediabetaprojects 2 Enjoy Social Feed, Enjoy Social Feed 2025-03-14 8.8 High
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action
CVE-2024-6512 1 Devolutions 1 Devolutions Server 2025-03-14 6.5 Medium
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
CVE-2024-49209 1 Archerirm 1 Archer 2025-03-14 6.5 Medium
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons.
CVE-2024-49208 1 Archerirm 1 Archer 2025-03-14 5.9 Medium
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons.
CVE-2024-47804 2 Jenkins, Redhat 2 Jenkins, Ocp Tools 2025-03-14 4.3 Medium
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.
CVE-2024-34458 1 Keyfactor 1 Command 2025-03-14 7.5 High
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.
CVE-2024-22923 1 Advradius 1 Adv Radius 2025-03-13 9.8 Critical
SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.
CVE-2024-32892 1 Google 1 Android 2025-03-13 7.8 High
In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-25216 1 Sherlock 1 Employee Management System 2025-03-13 9.8 Critical
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
CVE-2024-0052 1 Google 1 Android 2025-03-13 6.2 Medium
In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.