CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVE-2025-14618 Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion

The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweetenergyefficiencyaction' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers...

CVE-2025-12864

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2025-12865 e-Excellence｜U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2025-12864 e-Excellence｜U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

EUVD-2008-2050

Malware in sbrugna...

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

CVE-2025-10452

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

CVE-2025-10452

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

CVE-2025-10452 Gotac｜Statistical Database System - Missing Authentication

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

CVE-2025-10452

The CVE-2025-10452 entry concerns Gotac’s Statistical Database System. The connected documents confirm a Missing Authentication vulnerability that allows unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges (CVSS v3.1/4.0 scores CRITICAL). Affe...

PT-2025-37444

Name of the Vulnerable Software and Affected Versions: Gotac Statistical Database System affected versions not specified Description: The Gotac Statistical Database System has a Missing Authentication vulnerability. This allows unauthenticated remote attackers to read, modify, and delete database...

Gotac Statistical Database System 访问控制错误漏洞

Gotac Statistical Database System is a statistical database system from Gotac Corporation in Taiwan, China. An access control error vulnerability exists in the Gotac Statistical Database System, which stems from a lack of authentication, and could allow an unauthenticated, remote attacker to read...

CVE-2025-42958

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the...

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability in SAP NetWeaver Application Server can be exploited by an attacker to potentially cause sensitive information to be read, modified, or deleted...

CVE-2025-8861

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

CVE-2025-8861

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

CVE-2025-8861 Changing｜TSA - Missing Authentication

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

The vulnerability of the Oracle Database Materialized View component of the Oracle Database Server allows a attacker to gain access to read, modify, or delete data.

The vulnerability of the Oracle Database Materialized View component in the Oracle Database Server management system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, or delete data...

The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H lies in the insufficient protection of operational data. This allows unauthorized access by intruders to read, modify, or delete data, or to cause malfunctions in the system.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller, as well as the network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H, is related to insufficient protection for operational data. Exploiting this vulnerability can allow an...