90 matches found
CVE-2025-61943
The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Standard User to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server...
EUVD-2025-35283
Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index...
CVE-2025-11949 Digiwin|EasyFlow .NET and EasyFlow AiNet - Missing Authentication
EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality...
CVE-2025-11949
EasyFlow .NET and EasyFlow AiNet (Digiwin) are affected by a Missing Authentication vulnerability. Unauthenticated remote attackers may obtain database administrator credentials via a specific functionality. CVSS data in the initial entry indicates a high-severity risk (3.1: 7.5, 4.0: 8.7). Affec...
Digiwin EasyFlow .NET Access Control Error Vulnerability
Digiwin EasyFlow .NET is an enterprise-class workflow management (WFM) platform from Digiwin. EasyFlow .NET suffers from an access control error vulnerability that stems from a lack of authentication, which could allow an unauthenticated remote attacker to obtain database administrator credentials...
EUVD-2018-12209
Malware in sbrugna...
EUVD-2017-10355
Malware in sbrugna...
EUVD-2017-10524
Malware in sbrugna...
EUVD-2018-12212
Malware in sbrugna...
EUVD-2023-32832
Malicious code in bioql PyPI...
EUVD-2024-44563
Malicious code in bioql PyPI...
CVE-2025-42951
Due to broken authorization, SAP Business One SLD allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application...
CVE-2025-42951
CVE-2025-42951 corresponds to a broken authorization flaw in SAP Business One (SLD). An authenticated attacker can invoke the relevant API to gain administrator privileges on the database, impacting confidentiality, integrity, and availability. The CVSS 3.1 metrics indicate network access with lo...
CVE-2025-42951 Broken Authorization in SAP Business One (SLD)
Due to broken authorization, SAP Business One SLD allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application...
PT-2025-32611 · Sap · Sap Business One
Name of the Vulnerable Software and Affected Versions: SAP Business One SLD affected versions not specified Description: SAP Business One SLD suffers from a broken authorization issue. An authenticated attacker can gain administrator privileges on a database by invoking the corresponding API. Thi...
Oracle 23ai / 21c / 19c Privilege Escalation
Oracle versions 23ai, 21c, and 19c suffer from a privilege escalation vulnerability that allows DBA access. Title: Oracle 23ai Privilege Escalation From GRANT ANY ROLE To DBA Role Vendor: Oracle Product: Oracle database system Affected Versions: 23ai, 21c, 19c Risk Level: Medium Author of...
IBM DB2 DoS (7235069) (Unix)
According to its self-reported version number, IBM Db2 is affected by a remote code execution vulnerability as a database administrator of one database may execute code or read/write files from another database within the same instance. Note that Nessus has not tested for this issue but has instea...
CVE-2023-29257
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011...
CVE-2021-2332
Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner...
CVE-2024-8774 Privilege Escalation in SIMPLE.ERP
The SIMPLE.ERP client stores the superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...