Search Results (37198 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3314 1 Oretnom23 1 Computer Laboratory Management System 2025-01-22 6.3 Medium
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to sql injection. The attack may be initiated remotely. The identifier VDB-259385 was assigned to this vulnerability.
CVE-2023-29985 1 Oretnom23 1 Student Study Center Desk Management System 2025-01-22 9.8 Critical
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.
CVE-2023-2782 1 Acronis 1 Cyber Infrastructure 2025-01-22 5.5 Medium
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.
CVE-2025-0203 1 Code-projects 1 Student Management System 2025-01-22 6.3 Medium
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-0204 1 Code-projects 1 Online Shoe Store 2025-01-22 6.3 Medium
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0205 1 Code-projects 1 Online Shoe Store 2025-01-22 6.3 Medium
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-31597 1 Zammad 1 Zammad 2025-01-22 6.5 Medium
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
CVE-2023-23557 1 Facebook 1 Hermes 2025-01-21 9.8 Critical
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
CVE-2023-23775 1 Fortinet 1 Fortisoar 2025-01-21 5.9 Medium
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.
CVE-2023-2832 1 Bumsys Project 1 Bumsys 2025-01-21 7.2 High
SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.
CVE-2023-25933 1 Facebook 1 Hermes 2025-01-21 9.8 Critical
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
CVE-2021-26093 1 Fortinet 1 Fortiwlc 2025-01-21 6.6 Medium
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.
CVE-2023-26818 1 Telegram 1 Telegram 2025-01-21 5.5 Medium
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.
CVE-2023-31707 1 Sem-cms 1 Semcms 2025-01-21 9.8 Critical
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
CVE-2024-52584 1 Autolabproject 1 Autolab 2025-01-21 5.4 Medium
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available.
CVE-2023-33252 1 0kims 1 Snarkjs 2025-01-21 7.5 High
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
CVE-2024-31981 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading.
CVE-2024-31983 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.
CVE-2024-31987 1 Xwiki 1 Xwiki 2025-01-21 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.
CVE-2023-23299 1 Garmin 1 Connect-iq 2025-01-21 7.5 High
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.