Search Results (37315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5066 1 Phpgurukul 1 Online Course Registration System 2025-03-03 6.3 Medium
A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability.
CVE-2024-43060 2025-03-03 7.8 High
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
CVE-2021-47469 2025-03-03 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-5350 1 Anji-plus 1 Aj-report 2025-03-01 6.3 Medium
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266262 is the identifier assigned to this vulnerability.
CVE-2023-23735 1 Brainstormforce 1 Spectra 2025-03-01 5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through 2.3.0.
CVE-2024-12960 1 1000projects 1 Portfolio Management System Mca 2025-02-28 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. This issue affects some unknown processing of the file /update_edu_details.php. The manipulation of the argument q leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-38810 1 Vmware 1 Spring Security 2025-02-28 6.5 Medium
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
CVE-2023-36887 1 Microsoft 1 Edge Chromium 2025-02-28 7.8 High
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-20926 1 Google 1 Android 2025-02-28 6.8 Medium
In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058
CVE-2023-24885 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-02-28 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24927 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-02-28 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24929 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-02-28 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-28243 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-02-28 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-21719 1 Microsoft 1 Edge Chromium 2025-02-28 6.5 Medium
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-32040 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2025-02-28 5.5 Medium
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2025-1581 1 Phpgurukul 1 Online Nurse Hiring System 2025-02-28 6.3 Medium
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1583 1 Phpgurukul 1 Online Nurse Hiring System 2025-02-28 6.3 Medium
A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-26612 1 Wegia 1 Wegia 2025-02-28 9.8 Critical
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-23218 1 Wegia 1 Wegia 2025-02-28 9.8 Critical
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_especie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
CVE-2025-26611 1 Wegia 1 Wegia 2025-02-28 9.8 Critical
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.