239 matches found
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...
PT-2025-47474
Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software. A time-based SQL injection exists in the ieducar/intranet/funcionario vinculo cad.php script for authenticated users. An attacker with an authenticated sessi...
PT-2025-47473
Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software with a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. This is due to improper handling of th...
CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...
CVE-2025-62425
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425
MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...
EUVD-2025-34822
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password
MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...
CVE-2025-10240
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
CVE-2025-10240
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
EUVD-2025-33341
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
CVE-2025-10240
Progress Flowmon web application prior to version 12.5.5 is vulnerable to an issue where a user who clicks a crafted or malicious link can trigger unintended actions within their existing authenticated session. The CVE entry (CVE-2025-10240) lists a high impact with CVSS 3.1 score 8.8 (AV:N/AC:L/...
PT-2025-41379
Name of the Vulnerable Software and Affected Versions Progress Flowmon versions prior to 12.5.5 Description A flaw exists in the Progress Flowmon web application that allows an attacker to manipulate authenticated users through malicious links. Clicking a crafted link can trigger unintended actio...
EUVD-2016-10170
Malware in sbrugna...
EUVD-2018-6757
Malware in sbrugna...
EUVD-2018-9987
Malware in sbrugna...
EUVD-2021-25503
Malware in sbrugna...