Lucene search
+L

179 matches found

redhatcve
redhatcve
added 2025/03/08 1:20 a.m.19 views

CVE-2025-25763

crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead in /system/SystemDatabackupServices.php...

9.8CVSS8.4AI score0.00871EPSS
Exploits0References1
hackread
hackread
added 2025/02/12 5:8 p.m.10 views

Online Threats Are Rising -Here’s Why Companies Must Improve Their Cybersecurity

Cybersecurity is a must as online threats rise. Businesses must train employees, back up data, and adopt strong…...

7.3AI score
Exploits0
cnvd
cnvd
added 2024/12/13 12:0 a.m.4 views

Dell Avamar SQL Injection Vulnerability (CNVD-2025-18250)

Dell Avamar is a software solution for data backup and recovery. A SQL injection vulnerability exists in Dell Avamar. The vulnerability stems from an improper neutralization of special elements in SQL commands. An attacker could exploit this vulnerability to perform command execution...

9.8CVSS8.2AI score0.00694EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/12/10 12:0 a.m.8 views

Dell Avamar SQL注入漏洞

Dell Avamar is a data backup and recovery software. A SQL injection vulnerability exists in Dell Avamar. The vulnerability stems from a lack of proper neutralization of specific elements used in SQL commands. An attacker could exploit the vulnerability to execute commands...

8.8CVSS8AI score0.00626EPSS
Exploits0References1
nvd
nvd
added 2024/11/22 8:15 p.m.30 views

CVE-2024-1868

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

7.8CVSS0.00401EPSS
Exploits0References1
nvd
nvd
added 2024/09/10 3:15 p.m.32 views

CVE-2024-45044

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...

8.8CVSS0.00531EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/09/10 2:57 p.m.17 views

CVE-2024-45044 Bareos's negative command ACLs can be circumvented by abbreviating commands

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...

8.8CVSS7.2AI score0.00531EPSS
Exploits0References3
cve
cve
added 2024/09/03 8:15 p.m.56 views

CVE-2024-45394

The CVE-2024-45394 entry concerns the Authenticator browser extension. In versions 7.0.0 and earlier, user data encryption keys were stored at-rest with AES-256 using EVP_BytesToKey as the KDF, enabling brute-force attacks if an attacker obtains a copy of the user data. Versions 8.0.0 and above a...

8.8CVSS8.2AI score0.00088EPSS
Exploits0References2Affected Software1
rapid7blog
rapid7blog
added 2024/08/09 1:0 p.m.12 views

Key Takeaways From The Take Command Summit: Unlocking Security Success

As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, "Before, During, & After Ransomware...

7.5AI score
Exploits0
citrix
citrix
added 2024/07/22 12:0 a.m.10 views

Driver Disk for Microsemi smartpqi 2.1.30_031 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Microsemi's smartpqi driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- smartpqi| SAS/Storage Controller| 2.1.30031...

7.1AI score
Exploits0
githubexploit
githubexploit
added 2024/07/15 8:45 a.m.427 views

Exploit for Special Element Injection in Google Android

CVE-2024-0044-EXP Uses CVE-2024-0044 to extract data from ba...

7.8CVSS5.8AI score0.0146EPSS
Exploits17
zdi
zdi
added 2024/05/31 12:0 a.m.16 views

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

7.8CVSS7.5AI score0.00401EPSS
Exploits0
zdi
zdi
added 2024/05/31 12:0 a.m.20 views

G DATA Total Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...

7.8CVSS7.5AI score0.00401EPSS
Exploits0
osv
osv
added 2024/05/25 11:39 p.m.3 views

MGASA-2024-0193 Updated roundcubemail packages fix security vulnerabilities

This is a security update to the stable version 1.6 of Roundcube Webmail. Fix cross-site scripting XSS vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. Fix cross-site scripting XSS vulnerability in handling list columns from user preferences...

6.6AI score
Exploits0References3
nvd
nvd
added 2024/05/03 2:15 a.m.14 views

CVE-2023-27347

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

7.8CVSS7.8AI score0.00396EPSS
Exploits0References1
cve
cve
added 2024/05/03 1:56 a.m.55 views

CVE-2023-27347

CVE-2023-27347 affects G Data Total Security, specifically the Backup Service. The flaw allows local attackers who can execute low-privileged code to leverage a symbolic link in the Backup Service to create arbitrary files, enabling privilege escalation to the SYSTEM context. The vulnerability is...

7.8CVSS7.8AI score0.00396EPSS
Exploits0References1Affected Software1
cnvd
cnvd
added 2024/02/22 12:0 a.m.12 views

Dell PowerProtect Data Manager Operating System Command Injection Vulnerability

Dell PowerProtect Data Manager PPDM is a set of data protection solutions from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An operating system command injection vulnerability exists in Dell PowerProtect Data Manager version 19.15 an...

7.2CVSS7.3AI score0.01439EPSS
Exploits0References1
nessus
nessus
added 2024/01/31 12:0 a.m.26 views

Omron CS/CJ Series Missing Authentication For Critical Function (CVE-2022-45794)

Omron CS/CJ series programmable logic controllers are missing authentication for the file system. This could allow an attacker to access the file system via memory card or EM file memory and obtain all available sensitive information. This plugin only works with Tenable.ot. Please visit...

8.6CVSS7.1AI score0.00536EPSS
Exploits0References4
veeam
veeam
added 2023/12/26 12:0 a.m.44 views

Release Information for Veeam Backup for Microsoft 365 7a Cumulative Patches

Requirements This Cumulative Patch can be used to: update manually from a previous Veeam Backup for Microsoft 365 7a release to the latest Cumulative Patch. upgrade an existing pre-7a Veeam Backup for Microsoft 365 server to Veeam Backup for Microsoft 365 7a with the latest Cumulative Patch...

6.7AI score
Exploits0Affected Software1
nvd
nvd
added 2023/11/03 4:15 a.m.25 views

CVE-2023-36620

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...

4.6CVSS4.7AI score0.00538EPSS
Exploits2References3
Rows per page
Query Builder