Latest CVE Feed
-
9.8
CRITICALCVE-2018-6180
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.... Read more
- Published: Feb. 08, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Published: Mar. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39244
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic t... Read more
Affected Products : enterprise_storage_integrator_for_sap_landscape_management- Published: Feb. 15, 2024
- Modified: Jan. 23, 2025
-
9.8
CRITICALCVE-2010-2941
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary... Read more
Affected Products : cups ubuntu_linux enterprise_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation mac_os_x mac_os_x_server +3 more products- Published: Nov. 05, 2010
- Modified: Apr. 11, 2025
-
9.8
CRITICALCVE-2023-39226
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.... Read more
Affected Products : infrasuite_device_master- Published: Nov. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7756
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.... Read more
- Published: Nov. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40989
SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.... Read more
Affected Products : jeecg_boot- Published: Sep. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6005
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.... Read more
Affected Products : realpin- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6004
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.... Read more
Affected Products : file_download_tracker- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5994
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.... Read more
Affected Products : js_jobs- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-6006
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.... Read more
Affected Products : js_autoz- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5991
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.... Read more
Affected Products : form_maker- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5993
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.... Read more
Affected Products : aist- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5990
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.... Read more
Affected Products : allvideos_reloaded- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-1309
A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The manipulation of the argument input leads to sql injection... Read more
Affected Products : online_graduate_tracer_system online_graduate_tracer_system online_graduate_tracer_system- Published: Mar. 10, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40946
Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.... Read more
Affected Products : schoolmate- Published: Sep. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5987
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid paramet... Read more
Affected Products : social_pinboard- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5980
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.... Read more
Affected Products : solidres- Published: Feb. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-40920
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().... Read more
Affected Products : prixanconnect- Published: Oct. 05, 2023
- Modified: Nov. 21, 2024