
7661 matches found

EUVD
added 2025/10/21 11:43 a.m. | 5 views

EUVD-2025-35160

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...

CVSS 8.3 | AI score 7.3 | EPSS 0.25403
Exploits 0 | References 2
Vulnrichment
added 2025/10/21 11:43 a.m. | 3 views

CVE-2025-9428 SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...

CVSS 8.3 | AI score 7.5 | EPSS 0.25403
Exploits 0 | References 1
CVE
added 2025/10/21 11:43 a.m. | 22 views

CVE-2025-9428

CVE-2025-9428 affects Zohocorp ManageEngine Analytics Plus prior to or at version 6171, with an authenticated SQL Injection via the key update API. Impact described across sources as potential unauthorized data exposure and database manipulation (HIGH risk per CVSS references). Public advisories ...

CVSS 8.8 | AI score 7.5 | EPSS 0.25403
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/10/21 12:00 a.m. | 3 views

ZOHO ManageEngine Analytics Plus Security Vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability, the vulnerability is due to insufficient input validation. An attacker can...

CVSS 8.8 | AI score 7.8 | EPSS 0.25403
Exploits 0 | References 1
EUVD
added 2025/10/21 12:00 a.m. | 3 views

EUVD-2025-35203

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

AI score 5.8 | EPSS 0.00378
Exploits 0 | References 4
CNNVD
added 2025/10/21 12:00 a.m. | 2 views

Oracle Analytics Security Vulnerability

Oracle Analytics is an enterprise analytics solution from Oracle Corporation USA. A security vulnerability exists in Oracle BI Publisher versions 7.6.0.0.0 and 8.2.0.0.0 for Oracle Analytics that originates from an HTTP web access attack by a low-privileged attacker that could result in...

CVSS 6.5 | AI score 7.1 | EPSS 0.00304
Exploits 0 | References 2
Vulnrichment
added 2025/10/21 12:00 a.m. | 2 views

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

AI score 5.9 | EPSS 0.00378
Exploits 0 | References 3
Cvelist
added 2025/10/21 12:00 a.m. | 9 views

CVE-2025-60427

LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of...

EPSS 0.00378
Exploits 0 | References 3
CNNVD
added 2025/10/21 12:00 a.m. | 4 views

Oracle Analytics Security Vulnerability

Oracle Analytics is an enterprise analytics solution from Oracle Corporation USA. A security vulnerability exists in Oracle Business Intelligence Enterprise Edition versions 7.6.0.0.0 and 8.2.0.0.0 for Oracle Analytics that originates from an attack that could be exploited by an elevated-privileg...

CVSS 8.4 | AI score 7.2 | EPSS 0.00325
Exploits 0 | References 2
CNVD
added 2025/10/21 12:00 a.m. | 19 views

IBM Planning Analytics Local Cross-Site Scripting Vulnerability

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. IBM Planning Analytics Local suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

CVSS 5.4 | AI score 4.6 | EPSS 0.00171
Exploits 0 | References 1
CVE
added 2025/10/21 12:00 a.m. | 14 views

CVE-2025-60427

LibreTime 3.0.0-alpha.10 (and possibly earlier) is affected by Broken Access Control. A user with the DJ role can access analytics data via the Web UI and direct API calls because the backend does not verify role-based permissions for analytics endpoints, allowing unauthorized retrieval of statio...

CVSS 6.5 | AI score 5.9 | EPSS 0.00378
Exploits 0 | References 3
Packet Storm News
added 2025/10/20 12:00 a.m. | 7 views

WhatWeb Scanner 0.6.3

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

AI score 7.5
Exploits 0
IBM Security Bulletins
added 2025/10/17 3:07 p.m. | 10 views

Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. User Entity Behavior Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java...

CVSS 7.5 | AI score 8.5 | EPSS 0.03754
Exploits 2 | Affected Software 1
OSSF Malicious Packages
added 2025/10/17 3:28 a.m. | 2 views

Malicious code in @gala-analytics/core (npm)

The package @gala-analytics/core was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/10/17 3:28 a.m. | 2 views

MAL-2025-48465 Malicious code in @gala-analytics/core (npm)

The package @gala-analytics/core was found to contain malicious code...

AI score 7
Exploits 0
EUVD
added 2025/10/17 3:05 a.m. | 2 views

EUVD-2025-34851

Malicious code in deere-ui-analytics-events npm...

AI score 6.6
Exploits 0
OSSF Malicious Packages
added 2025/10/17 3:05 a.m. | 4 views

Malicious code in deere-ui-analytics-events (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1f64972a4645f02ce8d2349292d39f66a1f1c615e49f77ebfe162b95148b6f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 | References 1
OSV
added 2025/10/17 3:05 a.m. | 2 views

MAL-2025-48444 Malicious code in deere-ui-analytics-events (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1f64972a4645f02ce8d2349292d39f66a1f1c615e49f77ebfe162b95148b6f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits 0 | References 1
VulnCheck KEV
added 2025/10/17 12:00 a.m. | 6 views

VulnCheck KEV: CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8 | AI score 5.8 | EPSS 0.40891
In wild | Exploits 2 | References 179
CNNVD
added 2025/10/16 12:00 a.m. | 4 views

WSO2 Multiple Products Security Vulnerability

WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...

CVSS 9.6 | AI score 6.5 | EPSS 0.00509
Exploits 0 | References 1