Search Results (37316 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1903 1 Codezips 1 Online Shopping Website 2025-03-06 7.3 High
A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cart_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1902 1 Phpgurukul 1 Student Record System 2025-03-06 7.3 High
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1901 1 Phpgurukul 1 Restaurant Table Booking System 2025-03-06 7.3 High
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-26046 1 Kitabisa 1 Teler-waf 2025-03-05 6.5 Medium
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.
CVE-2023-26053 1 Gradle 1 Gradle 2025-03-05 6.6 Medium
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.
CVE-2023-24789 1 Jeecg 1 Jeecg 2025-03-05 8.8 High
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
CVE-2023-22891 1 Smartbear 1 Zephyr Enterprise 2025-03-05 8.1 High
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
CVE-2022-47483 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-05 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
CVE-2022-47482 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-05 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
CVE-2022-47481 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-05 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
CVE-2022-47480 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-03-05 5.5 Medium
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
CVE-2021-4328 1 Lionfish Cms Project 1 Lionfish Cms 2025-03-05 6.3 Medium
A vulnerability has been found in 狮子鱼CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223.
CVE-2023-26056 1 Xwiki 1 Xwiki 2025-03-05 5.4 Medium
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.
CVE-2014-125091 1 Codepeople 1 Polls Cp 2025-03-05 4.7 Medium
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.
CVE-2023-22251 1 Adobe 2 Commerce, Magento Open Source 2025-03-05 4.3 Medium
Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.
CVE-2025-25349 1 Phpgurukul 1 Daily Expense Tracker System 2025-03-05 9.8 Critical
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.
CVE-2023-26957 1 Onekeyadmin 1 Onekeyadmin 2025-03-05 9.1 Critical
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.
CVE-2023-24782 1 Funadmin 1 Funadmin 2025-03-05 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.
CVE-2023-24777 1 Funadmin 1 Funadmin 2025-03-05 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.
CVE-2023-24773 1 Funadmin 1 Funadmin 2025-03-05 9.8 Critical
Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.