229 matches found
CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...
CVE-2025-3838 Improper Authorization in the installer for the EOL OVA based connect component
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...
CVE-2025-32853
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32855
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-32832
CVE-2025-32832 affects Siemens TeleControl Server Basic (versions
CVE-2025-32829
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, t...
CVE-2025-32826
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-1321 teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection
The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2025-1144 Quanxun School Affairs System - Exposure of Sensitive Information
School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrator credentials...
Vulnerability of Microsoft Office package applications, Microsoft 365 Apps for Enterprise, and Microsoft Access database management systems, related to buffer overflows in dynamic memory, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, and the Microsoft Access database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2024-51165
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands to access the database via the department parameter...
Unspecified Vulnerability in DataEase (CNVD-2024-20785)
DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and gain insight into business trends , so as to achieve business improvement and optimization . A security vulnerability exists in DataEase versions prior to 2.5.0. Attackers can use this...
AiLux imx6 Security Vulnerability
AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2, which stems from the use of hard-coded credentials that allow an unauthenticated, remote attacker to access the database and all contained data...
CVE-2023-36934
In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...
389-ds-base: expired password was still allowed to access the database
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...
389-ds-base: expired password was still allowed to access the database
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...
389-ds-base: expired password was still allowed to access the database
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2022-57611)
Huawei HarmonyOS is an operating system from Huawei, China. It provides a microkernel-based distributed operating system. A security vulnerability exists in the graphics component of Huawei HarmonyOS, stemming from the existence of a multi-threaded access database for the graphics acceleration...
July 5, 2022, update for Office 2016 (KB5002226)
July 5, 2022, update for Office 2016 KB5002226 This article describes update 5002226 for Microsoft Office 2016 that was released on July 5, 2022.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...