Search Results (37315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24643 1 Judging Management System Project 1 Judging Management System 2025-03-06 9.8 Critical
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.
CVE-2023-24781 1 Funadmin 1 Funadmin 2025-03-06 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.
CVE-2023-24780 1 Funadmin 1 Funadmin 2025-03-06 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.
CVE-2022-47478 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-06 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-47477 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-06 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-47475 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-06 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-47474 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-06 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-4059 1 Cozmoslabs 1 Profile Builder 2025-03-06 4.3 Medium
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
CVE-2023-42553 1 Samsung 1 Email 2025-03-06 4 Medium
Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.
CVE-2023-42541 1 Samsung 1 Push Service 2025-03-06 4 Medium
Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id.
CVE-2023-3814 1 Advancedfilemanager 1 Advanced File Manager 2025-03-06 4.9 Medium
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
CVE-2023-0328 1 Wpcode 1 Wpcode 2025-03-06 4.3 Medium
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).
CVE-2022-47479 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-06 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-47476 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-06 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-26510 1 Ghost 1 Ghost 2025-03-06 5.7 Medium
Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.
CVE-2021-36392 1 Moodle 1 Moodle 2025-03-06 9.8 Critical
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVE-2021-36393 1 Moodle 1 Moodle 2025-03-06 9.8 Critical
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVE-2023-5269 1 Mayurik 1 Best Courier Management System 2025-03-06 5.5 Medium
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id/s leads to sql injection. The exploit has been disclosed to the public and may be used.
CVE-2025-1900 1 Phpgurukul 1 Restaurant Table Booking System 2025-03-06 7.3 High
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /add-table.php. The manipulation of the argument tableno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1903 1 Codezips 1 Online Shopping Website 2025-03-06 7.3 High
A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cart_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.