Search Results (37309 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27133 2025-02-24 N/A
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.2.15 contains a patch for the issue.
CVE-2022-48350 1 Huawei 2 Emui, Harmonyos 2025-02-24 7.5 High
The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-1076 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-02-24 5.5 Medium
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.
CVE-2023-1075 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-02-24 3.3 Low
A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.
CVE-2022-26283 1 Oretnom23 1 Simple Subscription Website 2025-02-24 9.8 Critical
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
CVE-2022-30053 1 Oretnom23 1 Toll Tax Management System 2025-02-24 9.8 Critical
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.
CVE-2023-44047 1 Oretnom23 1 Toll Tax Management System 2025-02-24 7.2 High
Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection.
CVE-2021-43140 1 Oretnom23 1 Simple Subscription Website 2025-02-24 9.8 Critical
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
CVE-2022-34067 1 Oretnom23 1 Warehouse Management System 2025-02-24 7.5 High
Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter.
CVE-2024-5107 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265097 was assigned to this vulnerability.
CVE-2024-5108 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/student_payment_details4.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-265098 is the identifier assigned to this vulnerability.
CVE-2024-5114 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265104.
CVE-2024-5115 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_profile.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265105 was assigned to this vulnerability.
CVE-2024-5135 1 Phpgurukul 1 Directory Management System 2025-02-21 7.3 High
A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265211.
CVE-2024-5109 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_payment_history.php. The manipulation of the argument index leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265099.
CVE-2023-26864 1 Smplredirectionsmanager Project 1 Smplredirectionsmanager 2025-02-21 9.8 Critical
SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.
CVE-2023-21056 1 Google 1 Android 2025-02-21 6.7 Medium
In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A
CVE-2024-5110 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/student_payment_invoice.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265100.
CVE-2024-5111 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265101 was assigned to this vulnerability.
CVE-2024-5112 1 Campcodes 1 Complete Web-based School Management System 2025-02-21 6.3 Medium
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/student_profile.php. The manipulation of the argument std_index leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-265102 is the identifier assigned to this vulnerability.