ReportizFlow
Filtered by vendor
Subscriptions
Total
4204 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26609 | 1 Wegia | 1 Wegia | 2025-02-28 | 9.8 Critical |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-26611 | 1 Wegia | 1 Wegia | 2025-02-28 | 9.8 Critical |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-26606 | 1 Wegia | 1 Wegia | 2025-02-28 | 9.8 Critical |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `informacao_adicional.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-26608 | 1 Wegia | 1 Wegia | 2025-02-28 | 9.8 Critical |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `dependente_docdependente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-1590 | 1 Janobe | 1 E-learning System | 2025-02-28 | 4.7 Medium |
| A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. | ||||
| CVE-2025-1598 | 1 Mayurik | 1 Best Church Management Software | 2025-02-28 | 6.3 Medium |
| A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1593 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.7 Medium |
| A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. | ||||
| CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-4331 | 1 Gitlab | 1 Gitlab | 2025-02-28 | 5.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. | ||||
| CVE-2023-23911 | 1 Rocket.chat | 1 Rocket.chat | 2025-02-28 | 7.5 High |
| An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | ||||
| CVE-2024-23675 | 1 Splunk | 2 Cloud, Splunk | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | ||||
| CVE-2024-36989 | 1 Splunk | 2 Cloud, Splunk | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive. | ||||
| CVE-2024-45735 | 1 Splunk | 4 Splunk, Splunk Cloud Platform, Splunk Enterprise and 1 more | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. | ||||
| CVE-2024-45734 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. | ||||
| CVE-2024-13693 | 1 Kriesi | 1 Enfold | 2025-02-28 | 5.3 Medium |
| The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. | ||||
| CVE-2025-24435 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-02-28 | 4.3 Medium |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-38167 | 1 Microsoft | 1 Dynamics 365 Business Central | 2025-02-28 | 7.2 High |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | ||||
| CVE-2023-36890 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.5 Medium |
| Microsoft SharePoint Server Information Disclosure Vulnerability | ||||
| CVE-2021-36036 | 1 Magento | 1 Magento | 2025-02-28 | 7.2 High |
| Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution. | ||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2025-02-27 | 7.2 High |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||