Search Results (37194 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1144 1 Deltaww 1 Infrasuite Device Master 2025-01-16 8.8 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1136 1 Deltaww 1 Infrasuite Device Master 2025-01-16 9.8 Critical
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.
CVE-2023-2588 1 Teltonika 1 Remote Management System 2025-01-16 8.8 High
Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication . An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device.
CVE-2023-4299 1 Digi 39 Cm, Cm Firmware, Connect Es and 36 more 2025-01-16 9 Critical
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
CVE-2023-4485 1 Ardereg 1 Sistemas Scada 2025-01-16 9.8 Critical
ARDEREG ​Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, the vulnerability could allow an attacker to execute arbitrary SQL queries through the login page, potentially leading to unauthorized access, data leakage, or even disruption of critical industrial processes.
CVE-2021-25749 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2025-01-16 7.8 High
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
CVE-2024-3466 1 Oretnom23 1 Laundry Shop Management System 2025-01-16 5.5 Medium
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.
CVE-2023-30615 1 Dfir-iris 1 Iris 2025-01-16 6.3 Medium
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.
CVE-2023-2774 1 Bus Dispatch And Information System Project 1 Bus Dispatch And Information System 2025-01-16 6.3 Medium
A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.
CVE-2024-1981 1 Wpvivid 1 Migration\, Backup\, Staging 2025-01-16 9.8 Critical
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-25833 1 F-logic 1 Datacube3 2025-01-16 9.8 Critical
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.
CVE-2023-33983 1 Briarproject 1 Briar 2025-01-16 7.4 High
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.
CVE-2023-5611 1 S-sols 1 Seraphinite Accelerator 2025-01-16 5.3 Medium
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
CVE-2023-1158 1 Hitachi 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server 2025-01-16 4.3 Medium
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
CVE-2023-33280 1 Storecommander 1 Quickaccounting 2025-01-16 9.8 Critical
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
CVE-2023-33279 1 Scfixmyprestashop Project 1 Scfixmyprestashop 2025-01-16 9.8 Critical
In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
CVE-2023-33278 1 Storecommander 1 Customers Export 2025-01-16 9.8 Critical
In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
CVE-2023-31226 1 Huawei 1 Emui 2025-01-15 7.5 High
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2024-3148 1 Dedecms 1 Dedecms 2025-01-15 6.3 Medium
A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2015-9452 1 Basixonline 1 Nex-forms 2025-01-15 9.8 Critical
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.