104 matches found
CVE-2025-14618 Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion
The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweetenergyefficiencyaction' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers...
CVE-2025-12864
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-12865 e-Excellence|U-Office Force - SQL Injection
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-12864 e-Excellence|U-Office Force - SQL Injection
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...
CVE-2025-10452
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...
CVE-2025-10452
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...
CVE-2025-10452
The CVE-2025-10452 entry concerns Gotac’s Statistical Database System. The connected documents confirm a Missing Authentication vulnerability that allows unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges (CVSS v3.1/4.0 scores CRITICAL). Affe...
CVE-2025-10452 Gotac|Statistical Database System - Missing Authentication
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...
Gotac Statistical Database System 访问控制错误漏洞
Gotac Statistical Database System is a statistical database system from Gotac Corporation in Taiwan, China. An access control error vulnerability exists in the Gotac Statistical Database System, which stems from a lack of authentication, and could allow an unauthenticated, remote attacker to read...
CVE-2025-42958
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability in SAP NetWeaver Application Server can be exploited by an attacker to potentially cause sensitive information to be read, modified, or deleted...
CVE-2025-8861
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...
CVE-2025-8861
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...
CVE-2025-8861 Changing|TSA - Missing Authentication
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...
The vulnerability of the Oracle Database Materialized View component of the Oracle Database Server allows a attacker to gain access to read, modify, or delete data.
The vulnerability of the Oracle Database Materialized View component in the Oracle Database Server management system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, or delete data...
The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H lies in the insufficient protection of operational data. This allows unauthorized access by intruders to read, modify, or delete data, or to cause malfunctions in the system.
The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller, as well as the network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H, is related to insufficient protection for operational data. Exploiting this vulnerability can allow an...
CVE-2023-3264
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...
Le-show Medical Practice Management System SQL注入漏洞
Le-show Medical Practice Management System is an integrated management system for medical clinics by Le-show, a Chinese company. A SQL injection vulnerability exists in Le-show Medical Practice Management System V3.0.25 and prior versions, which stems from a SQL injection vulnerability that could...
The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional instrument for measuring parameters of electrical circuits, allows a hacker to gain access to read, modify, and delete data.
The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement instruments for electrical networks lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain access to read, modify, and delet...