Lucene search
K

104 matches found

Vulnrichment
Vulnrichment
added 2025/12/18 12:22 p.m.3 views

CVE-2025-14618 Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion

The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweetenergyefficiencyaction' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers...

4.3CVSS4.9AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/11 3:47 a.m.11 views

CVE-2025-12864

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS8.1AI score0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/10 2:19 a.m.3 views

CVE-2025-12865 e-Excellence|U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS7.8AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/10 2:15 a.m.6 views

CVE-2025-12864 e-Excellence|U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS0.00321EPSS
Exploits0References2
OSV
OSV
added 2025/09/27 1:1 a.m.5 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

8.1CVSS6.5AI score0.00306EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/17 2:55 a.m.11 views

CVE-2025-10452

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

9.8CVSS7.1AI score0.00604EPSS
Exploits0References1
NVD
NVD
added 2025/09/15 3:15 a.m.5 views

CVE-2025-10452

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

9.8CVSS0.00604EPSS
Exploits0References2
CVE
CVE
added 2025/09/15 2:47 a.m.19 views

CVE-2025-10452

The CVE-2025-10452 entry concerns Gotac’s Statistical Database System. The connected documents confirm a Missing Authentication vulnerability that allows unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges (CVSS v3.1/4.0 scores CRITICAL). Affe...

9.8CVSS6.8AI score0.00604EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/15 2:47 a.m.2 views

CVE-2025-10452 Gotac|Statistical Database System - Missing Authentication

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

9.8CVSS6.8AI score0.00604EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.4 views

Gotac Statistical Database System 访问控制错误漏洞

Gotac Statistical Database System is a statistical database system from Gotac Corporation in Taiwan, China. An access control error vulnerability exists in the Gotac Statistical Database System, which stems from a lack of authentication, and could allow an unauthenticated, remote attacker to read...

9.8CVSS6.7AI score0.00604EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/11 3:19 a.m.5 views

CVE-2025-42958

Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the...

9.1CVSS6.2AI score0.00668EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.3 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability in SAP NetWeaver Application Server can be exploited by an attacker to potentially cause sensitive information to be read, modified, or deleted...

9.1CVSS6.4AI score0.00668EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/31 3:42 a.m.4 views

CVE-2025-8861

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

9.8CVSS7.1AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2025/08/29 4:15 a.m.3 views

CVE-2025-8861

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

9.8CVSS0.00488EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/29 3:28 a.m.5 views

CVE-2025-8861 Changing|TSA - Missing Authentication

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

9.8CVSS0.00488EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/18 12:0 a.m.7 views

The vulnerability of the Oracle Database Materialized View component of the Oracle Database Server allows a attacker to gain access to read, modify, or delete data.

The vulnerability of the Oracle Database Materialized View component in the Oracle Database Server management system is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, or delete data...

4CVSS7.2AI score0.00256EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/03 12:0 a.m.7 views

The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H lies in the insufficient protection of operational data. This allows unauthorized access by intruders to read, modify, or delete data, or to cause malfunctions in the system.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller, as well as the network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H, is related to insufficient protection for operational data. Exploiting this vulnerability can allow an...

9CVSS5.5AI score0.00334EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 2:29 a.m.5 views

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

9.8CVSS7.4AI score0.00469EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/02 12:0 a.m.4 views

Le-show Medical Practice Management System SQL注入漏洞

Le-show Medical Practice Management System is an integrated management system for medical clinics by Le-show, a Chinese company. A SQL injection vulnerability exists in Le-show Medical Practice Management System V3.0.25 and prior versions, which stems from a SQL injection vulnerability that could...

9.8CVSS7.8AI score0.00456EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/16 12:0 a.m.10 views

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional instrument for measuring parameters of electrical circuits, allows a hacker to gain access to read, modify, and delete data.

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement instruments for electrical networks lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain access to read, modify, and delet...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References2
Rows per page
Query Builder