Search Results (37310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28663 1 Formidablepro2pdf 1 Formidable Pro2pdf 2025-02-25 8.8 High
The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action.
CVE-2023-28662 1 Codemenschen 1 Gift Vouchers 2025-02-25 9.8 Critical
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
CVE-2023-28659 1 Plugin 1 Waiting 2025-02-25 8.8 High
The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action.
CVE-2023-0911 1 Getshortcodes 1 Shortcodes Ultimate 2025-02-25 6.5 Medium
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.
CVE-2025-1188 1 Codezips 1 Gym Management System 2025-02-25 6.3 Medium
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-45424 2025-02-25 5.3 Medium
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2023-28611 1 Omicronenergy 2 Stationguard, Stationscout 2025-02-25 9.8 Critical
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions.
CVE-2023-27871 2 Ibm, Linux 2 Aspera Faspex, Linux Kernel 2025-02-25 7.5 High
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613.
CVE-2023-1578 1 Pimcore 1 Pimcore 2025-02-25 8.8 High
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.
CVE-2025-0842 1 Needyamin 1 Library Card System 2025-02-25 7.3 High
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0880 1 Codezips 1 Gym Management System 2025-02-25 6.3 Medium
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-28675 1 Jenkins 1 Octoperf Load Testing 2025-02-25 4.3 Medium
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.
CVE-2025-1183 1 Codezips 1 Gym Management System 2025-02-25 6.3 Medium
A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-1603 1 Devolutions 1 Devolutions Server 2025-02-25 6.5 Medium
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
CVE-2023-20955 1 Google 1 Android 2025-02-25 7.8 High
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813
CVE-2023-20975 1 Google 1 Android 2025-02-25 7.8 High
In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776
CVE-2023-20971 1 Google 1 Android 2025-02-25 7.8 High
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-28660 1 E-dynamics 1 Events Made Easy 2025-02-25 8.8 High
The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action.
CVE-2023-28661 1 Accesspressthemes 1 Wp Popup Banners 2025-02-25 8.8 High
The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.
CVE-2022-30037 1 Xunruicms 1 Xunruicms 2025-02-25 7.2 High
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.