Export limit exceeded: 365399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5124 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9861 1 Sma 78 Sunny Boy 1.5, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 and 75 more 2025-04-20 N/A
An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVE-2017-14397 2 Anydesk, Microsoft 2 Anydesk, Windows 2025-04-20 N/A
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.
CVE-2017-17511 2 Debian, Kildclient 2 Debian Linux, Kildclient 2025-04-20 N/A
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.
CVE-2017-7459 1 Ntop 1 Ntopng 2025-04-20 N/A
ntopng before 3.0 allows HTTP Response Splitting.
CVE-2017-6031 1 Certec Edv Gmbh 1 Atvise Scada 2025-04-20 N/A
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
CVE-2017-16719 1 Moxa 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more 2025-04-20 N/A
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.
CVE-2016-5013 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
CVE-2017-17516 1 Reddit Terminal Viewer Project 1 Reddit Terminal Viewer 2025-04-20 N/A
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
CVE-2017-1000217 1 Opencast 1 Opencast 2025-04-20 N/A
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
CVE-2024-34448 1 Ghost 1 Ghost 2025-04-18 8.8 High
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
CVE-2025-0950 1 Angeljudesuarez 1 Tailoring Management System 2025-04-18 6.3 Medium
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-46986 1 Tuzitio 1 Camaleon Cms 2025-04-17 10 Critical
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2022-42544 1 Google 1 Android 2025-04-17 7.8 High
In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390
CVE-2024-12936 1 Code-projects 1 Simple Admin Panel 2025-04-17 6.3 Medium
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12946 1 1000projects 1 Attendance Tracking Management System 2025-04-17 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12927 1 1000projects 1 Attendance Tracking Management System 2025-04-17 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12935 1 Code-projects 1 Simple Admin Panel 2025-04-17 6.3 Medium
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-38395 1 Honeywell 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more 2025-04-16 9.1 Critical
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
CVE-2025-0843 1 Needyamin 1 Library Card System 2025-04-16 7.3 High
A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3186 1 Projectworlds 1 Online Doctor Appointment Booking System Php And Mysql 2025-04-15 7.3 High
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.