CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

168 matches found

CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

9.3CVSS5.5AI score0.00018EPSS

Exploits0References1

RedhatCVE•added 3 days ago•5 views

CVE-2025-15623

Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations...

9.3CVSS5.5AI score0.00062EPSS

Exploits0References1

RedhatCVE•added 3 days ago•5 views

CVE-2026-42096

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.8CVSS5.7AI score0.00046EPSS

Exploits2References1

RedhatCVE•added 3 days ago•5 views

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service DoS attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability,...

7.5CVSS5.5AI score0.00047EPSS

Exploits1References1

NVD•added 2026/05/27 8:16 p.m.•11 views

CVE-2026-8364

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS0.00054EPSS

Exploits0References1

EUVD•added 2026/05/27 7:38 p.m.•9 views

EUVD-2026-32641

9.8CVSS5.8AI score0.00054EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-44098

Name of the Vulnerable Software and Affected Versions Gladinet Triofox Cloud Server Agent affected versions not specified Description Improper handling of remote HTTP messages in the GladServerAgentService.exe, which listens on TCP port 7878, allows unauthenticated attackers to potentially gain...

9.8CVSS5.9AI score0.00054EPSS

Exploits0References6

Packet Storm•added 2026/05/26 12:0 a.m.•52 views

📄 Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection

Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...

9.3CVSS6.5AI score0.00209EPSS

Exploits3

NVD•added 2026/05/19 2:16 p.m.•9 views

CVE-2026-42100

7.5CVSS0.00047EPSS

Exploits1References4

NVD•added 2026/05/19 2:16 p.m.•7 views

CVE-2026-42096

8.8CVSS0.00046EPSS

Exploits2References4

Cvelist•added 2026/05/19 12:59 p.m.•31 views

CVE-2026-42100 DoS in Sparx Pro Cloud Server

7.1CVSS0.00047EPSS

Exploits1References4

CVE•added 2026/05/19 12:59 p.m.•10 views

CVE-2026-42100

Technical details (affected products/versions, root cause, impact, mitigation) are not publicly available in the provided documents. Monitor for updates as new information may be published.

7.5CVSS5.9AI score0.00047EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/19 12:59 p.m.•8 views

CVE-2026-42100 DoS in Sparx Pro Cloud Server

7.1CVSS5.9AI score0.00047EPSS

Exploits1References4

EUVD•added 2026/05/19 12:59 p.m.•5 views

EUVD-2026-30932

8.7CVSS5.8AI score0.00047EPSS

Exploits3References4

EUVD•added 2026/05/19 12:59 p.m.•6 views

EUVD-2026-30931

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS6AI score0.00209EPSS

Exploits3References4

CVE•added 2026/05/19 12:59 p.m.•11 views

CVE-2026-42097

Sparx products show multiple CVEs with concrete details across Pro Cloud Server and Enterprise Architect. CVE-2026-42097 describes an authentication bypass: a request can omit the model parameter and embed the model name in a POST blob, enabling SQL query execution without authentication. CVE-202...

9.3CVSS6AI score0.00209EPSS

Exploits2References4Affected Software1

Cvelist•added 2026/05/19 12:59 p.m.•35 views

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

9.3CVSS0.00209EPSS

Exploits2References4

ATTACKERKB•added 2026/05/19 12:59 p.m.•5 views

CVE-2026-42097

9.3CVSS6AI score0.00209EPSS

Exploits2References5

Vulnrichment•added 2026/05/19 12:59 p.m.•9 views

CVE-2026-42096 Broken Access Control in Sparx Pro Cloud Server

8.7CVSS6AI score0.00046EPSS

Exploits2References4

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41895

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description A race condition exists in the '/data api/dl internal artifact.php' endpoint. The application downloads object properties based on the guid parameter and saves the content i...

7.7CVSS6.2AI score0.00266EPSS

Exploits1References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by