
239 matches found

Cvelist
added 2025/11/19 4:2 p.m., 13 views

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the `ieducar/intranet/funcionario_vinculo_cad.php` script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

CVSS 7.2, EPSS 0.00353
Exploits: 1, References: 2

OSV
added 2025/11/19 4:2 p.m., 6 views

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the `ieducar/intranet/funcionario_vinculo_cad.php` script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

CVSS 7.2, AI score 8.3, EPSS 0.00353
Exploits: 1, References: 4

Positive Technologies
added 2025/11/19 12:0 a.m., 3 views

PT-2025-47474

Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.10.0
Description: i-Educar is school management software. A time-based SQL injection exists in the `ieducar/intranet/funcionario_vinculo_cad.php` script for authenticated users. An attacker with an authenticated sessi...

CVSS 7.2, AI score 7.8, EPSS 0.00353
Exploits: 1, References: 8

Positive Technologies
added 2025/11/19 12:0 a.m., 4 views

PT-2025-47473

Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.10.0
Description: i-Educar is school management software with a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. This is due to improper handling of th...

CVSS 7.2, AI score 7.6, EPSS 0.00274
Exploits: 0, References: 8

Cvelist
added 2025/11/18 6:52 p.m., 10 views

CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

CVSS 5.8, EPSS 0.00228
Exploits: 0, References: 1

Vulnrichment
added 2025/11/18 6:52 p.m., 3 views

CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

CVSS 5.8, AI score 6.5, EPSS 0.00228
Exploits: 0, References: 1

RedhatCVE
added 2025/10/20 9:27 p.m., 21 views

CVE-2025-62425

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

CVSS 8.3, AI score 6.8, EPSS 0.00427
Exploits: 0, References: 1

CVE
added 2025/10/16 6:44 p.m., 10 views

CVE-2025-62425

MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...

CVSS 8.3, AI score 6.4, EPSS 0.00427
Exploits: 0, References: 2

EUVD
added 2025/10/16 6:44 p.m., 6 views

EUVD-2025-34822

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

CVSS 8.3, AI score 6.2, EPSS 0.00427
Exploits: 0, References: 2

OSV
added 2025/10/16 6:44 p.m., 5 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

CVSS 8.3, AI score 6.8, EPSS 0.00427
Exploits: 0, References: 4

RedhatCVE
added 2025/10/10 5:22 p.m., 4 views

CVE-2025-10240

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

CVSS 8.8, AI score 6.7, EPSS 0.00293
Exploits: 0, References: 1

NVD
added 2025/10/09 1:15 p.m., 3 views

CVE-2025-10240

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

CVSS 8.8, EPSS 0.00293
Exploits: 0, References: 1

Cvelist
added 2025/10/09 12:43 p.m., 6 views

CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

CVSS 8.8, EPSS 0.00293
Exploits: 0, References: 1

EUVD
added 2025/10/09 12:43 p.m., 3 views

EUVD-2025-33341

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

CVSS 8.8, AI score 6.2, EPSS 0.00293
Exploits: 0, References: 2

CVE
added 2025/10/09 12:43 p.m., 13 views

CVE-2025-10240

Progress Flowmon web application prior to version 12.5.5 is vulnerable to an issue where a user who clicks a crafted or malicious link can trigger unintended actions within their existing authenticated session. The CVE entry (CVE-2025-10240) lists a high impact with CVSS 3.1 score 8.8 (AV:N/AC:L/...

CVSS 8.8, AI score 6.3, EPSS 0.00293
Exploits: 0, References: 1

Positive Technologies
added 2025/10/09 12:0 a.m., 6 views

PT-2025-41379

Name of the Vulnerable Software and Affected Versions: Progress Flowmon versions prior to 12.5.5
Description: A flaw exists in the Progress Flowmon web application that allows an attacker to manipulate authenticated users through malicious links. Clicking a crafted link can trigger unintended actio...

CVSS 8.8, AI score 6.3, EPSS 0.00293
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2016-10170

Malware in sbrugna...

CVSS 6.7, AI score 6.5, EPSS 0.00369
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-6757

Malware in sbrugna...

CVSS 5.4, AI score 5.5, EPSS 0.00661
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-9987

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01551
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-25503

Malware in sbrugna...

CVSS 8.8, AI score 6.9, EPSS 0.00643
Exploits: 0, References: 3