Search Results (37315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38318 1 Ibm 1 Aspera Shares 2025-03-07 4.8 Medium
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2023-25575 1 Api-platform 1 Core 2025-03-07 7.7 High
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue. The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users. This issue impacts the 2.7, 3.0 and 3.1 branches. Please upgrade to versions 2.7.10, 3.0.12 or 3.1.3. As a workaround, replace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\Metadata\ApiProperty` attribute is used.
CVE-2023-23315 1 Stripe 1 Stripe Payment Pro 2025-03-07 9.8 Critical
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2022-46501 1 Accruent 1 Maintenance Connection 2025-03-07 9.8 Critical
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.
CVE-2023-26780 1 Yf-exam Project 1 Yf-exam 2025-03-07 9.8 Critical
CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.
CVE-2023-24763 1 Prestashop 1 Xen Forum 2025-03-07 8.8 High
In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.
CVE-2023-24642 1 Judging Management System Project 1 Judging Management System 2025-03-07 9.8 Critical
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.
CVE-2023-24641 1 Judging Management System Project 1 Judging Management System 2025-03-07 9.8 Critical
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.
CVE-2024-9008 2 Mayurik, Sourcecodester 2 Best Online News Portal, Best Online News Portal 2025-03-07 6.3 Medium
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-0784 1 Mayurik 1 Best Online News Portal 2025-03-07 7.3 High
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Affected is an unknown function of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220644.
CVE-2024-5985 1 Mayurik 1 Best Online News Portal 2025-03-07 6.3 Medium
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.
CVE-2023-1962 1 Mayurik 1 Best Online News Portal 2025-03-07 7.3 High
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225361 was assigned to this vulnerability.
CVE-2025-1875 1 Mayurik 1 Best Online News Portal 2025-03-07 9.8 Critical
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.
CVE-2025-1874 1 Mayurik 1 Best Online News Portal 2025-03-07 9.8 Critical
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.
CVE-2025-1873 1 Mayurik 1 Best Online News Portal 2025-03-07 9.8 Critical
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.
CVE-2025-1869 1 Mayurik 1 Best Online News Portal 2025-03-07 9.8 Critical
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php.
CVE-2025-1871 1 Mayurik 1 Best Online News Portal 2025-03-07 9.8 Critical
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.
CVE-2025-1870 1 Mayurik 1 Best Online News Portal 2025-03-07 9.8 Critical
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php.
CVE-2023-27560 1 Phpseclib 1 Phpseclib 2025-03-06 7.5 High
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.
CVE-2022-4134 2 Openstack, Redhat 2 Glance, Openstack 2025-03-06 2.8 Low
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.