The vulnerability was exploited in Microsoft SQL Server
Microsoft has identified a vulnerability in SQL Server. A malicious individual with authorized access can exploit this vulnerability to execute arbitrary code under the control of the SQL Server. Microsoft has provided updates that address the described vulnerabilities. We recommend that you...
CVE-2026-40342
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...
CVE-2025-34329
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodesfiles/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates t...
CVE-2025-34322
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...
CVE-2025-34322 Nagios Log Server < 2026R1.0.1 Authenticated Command Injection via Natural Language Queries
Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection parameters—are read from the...
EUVD-2019-9269
Malware in sbrugna...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17934)
Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to view a server...
Apache Zeppelin Path Traversal vulnerability
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the contents of any files in the filesystem that the server account can access. This issue affects Apache Zeppelin from 0.9.0 before 0.11.0. Users are recommended to upgrade t...
Apache Zeppelin Input Validation Error Vulnerability
Apache Zeppelin is a web-based open source notebook application from the Apache Software Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to view a server...
PT-2023-4986 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: The issue is related to errors in access control, allowing a remote attacker to execute arbitrary code in the context of the server account by making a network call. This...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64865)
Microsoft Exchange Server is an e-mail service program from Microsoft (United States). It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
Microsoft Exchange Server Security Vulnerability
Microsoft Exchange Server is an e-mail service program from Microsoft (United States). It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
CVE-2023-29152
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
Design/Logic Flaw
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
CVE-2023-29152
CVE-2023-29152 affects PTC Vuforia Studio (all versions prior to 9.9). The vulnerability stems from altering the filename parameter in a request, enabling an attacker to delete arbitrary files with the Vuforia server account’s permissions. Impact is file deletion with potential persistence risk a...
CVE-2023-29152 PTC Vuforia Studio Improper Authorization
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account...
PT-2022-24548 · Rockwell Automation · FactoryTalk VantagePoint
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31. Description: The issue is related to an improper access control vulnerability. A malicious user with read-only privileges could potentially execute SQL statemen...
CVE-2022-38743
Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. ...
CVE-2022-24732 Maddy Mail Server does not implement account expiry
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing...
CVE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...