5 matches found
CVE-2026-42098
CVE-2026-42098 affects Sparx Enterprise Architect. An authenticated attacker can modify the client behavior (e.g., via debugger) to log in as another user or administrator, enabling “every possible change” to the repository. Affected/testing: only version 17.1 and below have been tested and confi...
EUVD-2026-30930
Sparx Enterprise Architect software has a security feature that limits a user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior, e.g. using a debugger, and log in as any other user or administrator - then it is possible to do every...
Design/Logic Flaw
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks...
SQLite Cross-Site Scripting Vulnerability
SQLite is a lightweight, ACID-compliant relational database management system. A security vulnerability exists in SQLite. A remote attacker can exploit the vulnerability to modify repository parameters...
OneSignal Command Injection Vulnerability
OneSignal is a push notification, email, and SMS application from OneSignal. OneSignal suffers from a command injection vulnerability. An attacker could use the vulnerability to take over GitHub Runner and run custom commands to steal sensitive information or make changes to the repository...