Search Results (37188 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-29229 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 7.7 High
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2024-29228 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 7.7 High
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2023-33197 1 Craftcms 1 Craft Cms 2025-01-14 5.5 Medium
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
CVE-2021-43927 1 Synology 1 Diskstation Manager 2025-01-14 4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-43926 1 Synology 1 Diskstation Manager 2025-01-14 4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2021-26563 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2021-43925 1 Synology 1 Diskstation Manager 2025-01-14 4.7 Medium
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CVE-2023-33196 1 Craftcms 1 Craft Cms 2025-01-14 5.5 Medium
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33194 2 Craftcms, Craftercms 2 Craft Cms, Craftercms 2025-01-14 3.7 Low
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.
CVE-2023-2945 1 Open-emr 1 Openemr 2025-01-14 5.4 Medium
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-24605 1 Open-xchange 1 Ox App Suite 2025-01-14 4.2 Medium
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.
CVE-2022-24628 1 Audiocodes 1 Device Manager Express 2025-01-14 7.2 High
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
CVE-2022-24627 1 Audiocodes 1 Device Manager Express 2025-01-14 9.8 Critical
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
CVE-2024-39363 2025-01-14 9.6 Critical
A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2023-24599 1 Open-xchange 1 Ox App Suite 2025-01-14 4.3 Medium
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."
CVE-2023-24600 1 Open-xchange 1 Ox App Suite 2025-01-14 4.3 Medium
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
CVE-2024-56449 1 Huawei 2 Emui, Harmonyos 2025-01-13 6.6 Medium
Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-28352 2 Faronics, Microsoft 2 Insight, Windows 2025-01-13 7.4 High
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.
CVE-2021-4336 1 Itrsgroup 1 Ninja 2025-01-13 5.5 Medium
A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.
CVE-2023-33734 1 Bluecms Project 1 Bluecms 2025-01-13 9.8 Critical
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.