Search Results (37049 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-40933 1 Nagios 1 Nagios Xi 2024-11-21 8.8 High
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
CVE-2023-40931 1 Nagios 1 Nagios Xi 2024-11-21 6.5 Medium
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
CVE-2023-40922 1 Kerawen 1 Kerawen 2024-11-21 9.8 Critical
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().
CVE-2023-40921 1 Common-services 1 Soliberte 2024-11-21 9.8 Critical
SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters.
CVE-2023-40920 1 Prixan 1 Prixanconnect 2024-11-21 9.8 Critical
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().
CVE-2023-40852 1 User Registration \& Login And User Management System With Admin Panel Project 1 User Registration \& Login And User Management System With Admin Panel 2024-11-21 9.8 Critical
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page.
CVE-2023-40829 1 Tencent 1 Enterprise Wechat Privatization 2024-11-21 7.5 High
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.
CVE-2023-40787 1 Bladex 1 Springblade 2024-11-21 9.8 Critical
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
CVE-2023-40771 1 Dataease 1 Dataease 2024-11-21 7.5 High
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.
CVE-2023-40749 1 Phpjabbers 1 Food Delivery Script 2024-11-21 9.8 Critical
PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.
CVE-2023-40748 1 Phpjabbers 1 Food Delivery Script 2024-11-21 9.8 Critical
PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php.
CVE-2023-40654 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 6.7 Medium
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
CVE-2023-40653 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 6.7 Medium
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
CVE-2023-40650 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 5.5 Medium
In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-40649 2 Google, Unisoc 2 Android, Sc9863a 2024-11-21 5.5 Medium
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-40648 2 Google, Unisoc 2 Android, Sc9863a 2024-11-21 5.5 Medium
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-40647 2 Google, Unisoc 2 Android, Sc9863a 2024-11-21 5.5 Medium
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-40646 2 Google, Unisoc 2 Android, Sc9863a 2024-11-21 5.5 Medium
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-40645 2 Google, Unisoc 2 Android, Sc9863a 2024-11-21 5.5 Medium
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-40644 2 Google, Unisoc 2 Android, Sc9863a 2024-11-21 5.5 Medium
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed