Search Results (37222 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-51479 1 Buildapp 1 Build App Online 2025-02-05 8.8 High
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19.
CVE-2024-49840 1 Qualcomm 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more 2025-02-05 7.8 High
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
CVE-2024-45584 1 Qualcomm 248 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 245 more 2025-02-05 7.8 High
Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.
CVE-2024-6007 1 Netentsec 1 Application Security Gateway 2025-02-05 6.3 Medium
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2020 1 Checkmk 1 Checkmk 2025-02-05 4.3 Medium
Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2.1.0p27 and <= 2.2.0b4 (beta) allow unauthorized users to schedule downtimes for any host.
CVE-2023-30556 1 Archerydms 1 Archery 2025-02-05 6.5 Medium
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py`for execution. To mitigate escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`.
CVE-2023-39922 1 Theme-fusion 1 Avada 2025-02-05 4.3 Medium
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.
CVE-2024-32799 1 Realestateconnected 1 Easy Property Listings 2025-02-05 5.3 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.
CVE-2024-2329 1 Netentsec 1 Application Security Gateway 2025-02-05 6.3 Medium
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2330 1 Netentsec 1 Application Security Gateway 2025-02-05 6.3 Medium
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-22309 1 Tribe29 1 Checkmk Appliance Firmware 2025-02-04 6.1 Medium
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.
CVE-2022-46302 1 Checkmk 1 Checkmk 2025-02-04 8.8 High
Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.
CVE-2023-2212 1 Coffee Shop Pos System Project 1 Coffee Shop Pos System 2025-02-04 6.3 Medium
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability.
CVE-2023-2217 1 Task Reminder System Project 1 Task Reminder System 2025-02-04 6.3 Medium
A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983.
CVE-2023-2114 1 Basixonline 1 Nex-forms 2025-02-04 7.2 High
The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.
CVE-2023-30544 1 Kiwitcms 1 Kiwi Tcms 2025-02-04 3.9 Low
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.
CVE-2023-0388 1 Random Text Project 1 Random Text 2025-02-04 8.8 High
The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.
CVE-2023-24823 1 Riot-os 1 Riot 2025-02-04 9.8 Critical
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.
CVE-2024-49596 1 Dell 2 Dell Wyse Management Suite Repository, Wyse Management Suite 2025-02-04 5.9 Medium
Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion
CVE-2024-45760 1 Dell 1 Openmanage Server Administrator 2025-02-04 4.3 Medium
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.