Search Results (337617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34784 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34782 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34781 | 1 Ivanti | 1 Endpoint Manager | 2025-05-01 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2022-3873 | 1 Diagrams | 1 Drawio | 2025-05-01 | 6.1 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. | ||||
| CVE-2022-41203 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-05-01 | 8.8 High |
| In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. | ||||
| CVE-2020-12507 | 1 Badgermeter | 1 Moni\ | 2025-05-01 | 8.8 High |
| In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS. | ||||
| CVE-2022-44747 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-44733 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||
| CVE-2022-44732 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||
| CVE-2025-26200 | 1 Slims | 1 Senayan Library Management System | 2025-05-01 | 7.2 High |
| SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. | ||||
| CVE-2023-4148 | 1 Metaphorcreations | 1 Ditty | 2025-05-01 | 6.1 Medium |
| The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-44547 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 7.5 High |
| The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. | ||||
| CVE-2022-43321 | 1 Shopwind | 1 Shopwind | 2025-05-01 | 6.1 Medium |
| Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | ||||
| CVE-2022-43320 | 1 Feehi | 1 Feehicms | 2025-05-01 | 6.1 Medium |
| FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. | ||||
| CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2025-05-01 | 7.8 High |
| An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | ||||
| CVE-2022-43292 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. | ||||
| CVE-2022-43291 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. | ||||
| CVE-2022-43290 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. | ||||
| CVE-2022-43278 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. | ||||
| CVE-2022-43277 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||