
712 matches found

OSV
added 2023/01/10 4:15 a.m. · 1 view

CVE-2023-0016

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...

CVSS 8.8 · AI score 7.4 · EPSS 0.00616
Exploits: 0 · References: 2

Prion
added 2023/01/10 4:15 a.m. · 19 views

SQL injection

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...

CVSS 6.5 · AI score 8.9 · EPSS 0.00616
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/01/10 3:13 a.m. · 6 views

CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation MS

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...

CVSS 9.9 · AI score 7.9 · EPSS 0.00616
Exploits: 0 · References: 2

Cvelist
added 2023/01/10 12:0 a.m. · 21 views

CVE-2023-22909

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow...

AI score 6 · EPSS 0.00867
Exploits: 0 · References: 2

UbuntuCve
added 2023/01/10 12:0 a.m. · 45 views

CVE-2023-22909

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow...

CVSS 5.3 · AI score 5.9 · EPSS 0.00867
Exploits: 0 · References: 2

OSV
added 2022/11/21 11:15 a.m. · 3 views

CVE-2022-1578

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...

CVSS 8.8 · AI score 5.9 · EPSS 0.00425
Exploits: 2 · References: 1

CNNVD
added 2022/11/10 12:0 a.m. · 3 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics Taiwan, China used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes and maximize...

CVSS 8.8 · AI score 8.3 · EPSS 0.07686
Exploits: 0 · References: 3

Veracode
added 2022/11/02 8:23 a.m. · 14 views

SQL Injection

github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 · AI score 9.2 · EPSS 0.02241
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2022/11/02 8:11 a.m. · 15 views

SQL Injection

github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 · AI score 9.2 · EPSS 0.30082
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2022/11/02 5:41 a.m. · 21 views

SQL Injection

github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 · AI score 9.2 · EPSS 0.00506
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2022/10/19 12:0 a.m. · 3 views

Apache Isis security vulnerability

Apache Isis is a framework from the Apache Foundation (United States) for rapid development of domain-driven applications in Java. Apache Isis suffers from an authorization issue vulnerability that stems from the h2 webconsole module accessible in the prototype menu automatically providing the...

CVSS 5.3 · AI score 6.6 · EPSS 0.01198
Exploits: 0 · References: 3

CNNVD
added 2022/10/06 12:0 a.m. · 5 views

Rockwell Automation Factory Talk VantagePoint security vulnerability

Rockwell Automation Factory Talk VantagePoint is an advanced industrial application ecosystem from Rockwell Automation, Inc. An access control error vulnerability exists in Rockwell Automation Factory Talk VantagePoint, which stems from improper access control of its FactoryTalk VantagePoint...

CVSS 8.8 · AI score 7.6 · EPSS 0.0127
Exploits: 0 · References: 3

OSV
added 2022/09/28 4:15 a.m. · 6 views

CVE-2022-39029

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

CVSS 6.5 · AI score 5.8 · EPSS 0.0064
Exploits: 0 · References: 1

Vulnrichment
added 2022/08/08 1:51 p.m. · 1 view

CVE-2022-2460 WPDating < 7.4.0 - Multiple Unauthenticated SQLi

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users...

AI score 7.9 · EPSS 0.0089
Exploits: 2 · References: 1

ATTACKERKB
added 2022/08/03 4:15 p.m. · 3 views

CVE-2022-34871

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...

CVSS 7.2 · AI score 6 · EPSS 0.02337
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/07/07 12:0 a.m. · 6 views

PT-2022-22406 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon (affected versions not specified)
Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the configuration of...

CVSS 7.2 · AI score 7.2 · EPSS 0.02337
Exploits: 0 · References: 7

Github Security Blog
added 2022/06/29 12:0 a.m. · 34 views

Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql

A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...

CVSS 6.5 · AI score 6.6 · EPSS 0.01107
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2022/06/29 12:0 a.m. · 34 views

GHSA-73PR-G6JJ-5HC9 Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql

A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...

CVSS 6.5 · AI score 6.4 · EPSS 0.01107
Exploits: 1 · References: 4

Positive Technologies
added 2022/05/26 12:0 a.m. · 5 views

PT-2022-23717 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490
Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

CVSS 9.1 · AI score 9.4 · EPSS 0.06015
Exploits: 0 · References: 4

Positive Technologies
added 2022/05/26 12:0 a.m. · 5 views

PT-2022-23723 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490
Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

CVSS 9.8 · AI score 7.8 · EPSS 0.06534
Exploits: 0 · References: 4