| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. |
| ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34. |
| Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. |
| A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /api/system/user?deptId=1&page=1&size=10. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. |
| Due to the missing authorization checks in the
local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application
Server (ABAP and Java), and SAP Content Server can impersonate other users and
may perform some unintended actions. This could lead to a low impact on
confidentiality and a high impact on the integrity and availability of the
applications. |
| In SAP BusinessObjects Business Intelligence
Platform, if Single Signed On is enabled on Enterprise authentication, an
unauthorized user can get a logon token using a REST endpoint. The attacker can
fully compromise the system resulting in High impact on confidentiality,
integrity and availability. |
| A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
