Lucene search
K

229 matches found

Vulnrichment
Vulnrichment
added 2025/04/23 3:33 p.m.9 views

CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...

9.3CVSS8AI score0.79487EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/04/21 9:33 a.m.14 views

CVE-2025-3838 Improper Authorization in the installer for the EOL OVA based connect component

An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...

6.1CVSS6.5AI score0.00109EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 6:16 p.m.8 views

CVE-2025-32853

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.8CVSS0.00525EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 6:16 p.m.10 views

CVE-2025-32855

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.8CVSS0.0049EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 5:38 p.m.61 views

CVE-2025-32832

CVE-2025-32832 affects Siemens TeleControl Server Basic (versions

8.8CVSS8.8AI score0.00604EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/16 5:37 p.m.7 views

CVE-2025-32829

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, t...

8.8CVSS7.8AI score0.00604EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/16 5:37 p.m.7 views

CVE-2025-32826

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.8CVSS8.8AI score0.00604EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 3:37 a.m.14 views

CVE-2025-1321 teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection

The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

6.5CVSS0.00447EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/11 3:21 a.m.12 views

CVE-2025-1144 Quanxun School Affairs System - Exposure of Sensitive Information

School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials...

9.8CVSS0.00466EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/01/27 12:0 a.m.5 views

Vulnerability of Microsoft Office package applications, Microsoft 365 Apps for Enterprise, and Microsoft Access database management systems, related to buffer overflows in dynamic memory, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, and the Microsoft Access database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS8.7AI score0.00997EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/12/10 12:0 a.m.28 views

CVE-2024-51165

SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

0.00591EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.5 views

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands to access the database via the department parameter...

9.8CVSS8AI score0.00583EPSS
Exploits1References1
CNVD
CNVD
added 2024/04/10 12:0 a.m.5 views

Unspecified Vulnerability in DataEase (CNVD-2024-20785)

DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and gain insight into business trends , so as to achieve business improvement and optimization . A security vulnerability exists in DataEase versions prior to 2.5.0. Attackers can use this...

5.3CVSS6.9AI score0.16EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.8 views

AiLux imx6 Security Vulnerability

AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2, which stems from the use of hard-coded credentials that allow an unauthenticated, remote attacker to access the database and all contained data...

9.8CVSS6.8AI score0.00591EPSS
Exploits0References2
NVD
NVD
added 2023/07/05 4:15 p.m.29 views

CVE-2023-36934

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...

9.1CVSS9.4AI score0.95EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/12/13 4:9 p.m.6 views

389-ds-base: expired password was still allowed to access the database

A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...

6.5CVSS5.7AI score0.01531EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/11/15 1:30 p.m.4 views

389-ds-base: expired password was still allowed to access the database

A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...

6.5CVSS5.7AI score0.01531EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/07/19 9:11 p.m.5 views

389-ds-base: expired password was still allowed to access the database

A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...

6.5CVSS5.7AI score0.01531EPSS
Exploits2References4
CNVD
CNVD
added 2022/07/15 12:0 a.m.31 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2022-57611)

Huawei HarmonyOS is an operating system from Huawei, China. It provides a microkernel-based distributed operating system. A security vulnerability exists in the graphics component of Huawei HarmonyOS, stemming from the existence of a multi-threaded access database for the graphics acceleration...

7.5CVSS3.3AI score0.00616EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2022/07/05 12:0 a.m.4 views

July 5, 2022, update for Office 2016 (KB5002226)

July 5, 2022, update for Office 2016 KB5002226 This article describes update 5002226 for Microsoft Office 2016 that was released on July 5, 2022.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...

6.4AI score
Exploits0
Rows per page
Query Builder