99 matches found

NVD
added 2025/11/11 1:15 a.m. · 4 views

CVE-2025-42885

Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...

CVSS 5.8 · EPSS 0.00278
Exploits: 0 · References: 2
Vulnrichment
added 2025/11/11 12:14 a.m. · 2 views

CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)

Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...

CVSS 5.8 · AI score 6.4 · EPSS 0.00278
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-6966

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 5.9 · EPSS 0.0064
Exploits: 1 · References: 4
OSV
added 2025/09/23 11:15 a.m. · 3 views

CVE-2024-4598

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between...

CVSS 6.5 · AI score 6.3 · EPSS 0.00299
Exploits: 0 · References: 1
RedhatCVE
added 2025/09/01 1:17 p.m. · 2 views

CVE-2025-0165

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 7.6 · AI score 7.3 · EPSS 0.0037
Exploits: 0 · References: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

SUSE SLES15: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2025:03019-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03019-1 advisory. Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child...

CVSS 8.8 · AI score 7.4 · EPSS 0.00709
Exploits: 1 · References: 10
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

SUSE SLES12: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2025:03020-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03020-1 advisory. Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc1248120). -...

CVSS 8.8 · AI score 7.4 · EPSS 0.00709
Exploits: 1 · References: 10
SUSE Linux
added 2025/08/29 3:14 p.m. · 3 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.19: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc1248120). CVE-2025-8714: untrusted data inclusion in pg_dump lets superuser of origin server execute arbitrary code in...

CVSS 8.8 · AI score 7.8 · EPSS 0.00709
Exploits: 1 · References: 12
Vulnrichment
added 2025/08/27 4:23 p.m. · 1 views

CVE-2025-20348 Cisco Nexus Dashboard Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

CVSS 5 · AI score 6.3 · EPSS 0.00273
Exploits: 0 · References: 1
OSV
added 2025/08/14 1:15 p.m. · 9 views

AZL-66321 CVE-2025-8713 affecting package postgresql for versions less than 14.19-1

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...

CVSS 3.1 · AI score 7.1 · EPSS 0.00205
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/08 12:0 a.m. · 3 views

PT-2025-32386 · Mitel · Micollab +1

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 (9.8.2.12). Description: A vulnerability exists in the NuPoint Unified Messaging (NPM) component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...

CVSS 9.8 · AI score 6.7 · EPSS 0.00492
Exploits: 1 · References: 6
CVE
added 2025/08/08 12:0 a.m. · 23 views

CVE-2025-52913

CVE-2025-52913 affects Mitel MiCollab’s NuPoint Unified Messaging (NPM) component up to version 9.8 SP2 (9.8.2.12). The root cause is insufficient input validation, enabling an unauthenticated attacker to perform a path traversal attack. Exploitation could grant unauthorized access to view, c...

CVSS 9.8 · AI score 6.7 · EPSS 0.00492
Exploits: 1 · References: 2
CNNVD
added 2025/05/19 12:0 a.m. · 2 views

D-Link DI-7003GV2 security vulnerability

The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates in the function sub41E304 of the file /H5/stateview.data, which does not sufficiently protect sensitive information and can be exploited by an...

CVSS 6.5 · AI score 6.2 · EPSS 0.66064
Exploits: 1 · References: 6
CNNVD
added 2025/01/10 12:0 a.m. · 3 views

REDCap security vulnerability

REDCap is a data collection and management web application from REDCap open source. A security vulnerability exists in REDCap version 14.9.6, which stems from the presence of a reflected cross-site scripting (XSS) vulnerability that allows an attacker to send a CSV file to the victim to view...

CVSS 6.1 · AI score 5.6 · EPSS 0.00273
Exploits: 0 · References: 1
CNNVD
added 2024/11/19 12:0 a.m. · 6 views

IBM Concert security vulnerability

IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. A...

CVSS 9.8 · AI score 7.6 · EPSS 0.00437
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/15 12:0 a.m. · 4 views

PT-2024-10843 · WordPress · Indeed Membership Pro

Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...

CVSS 6.3 · AI score 7 · EPSS 0.00339
Exploits: 0 · References: 8
OSV
added 2024/09/12 9:15 p.m. · 2 views

CVE-2024-7960

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not...

CVSS 9.1 · AI score 5.8 · EPSS 0.00452
Exploits: 0 · References: 1
CNNVD
added 2024/08/14 12:0 a.m. · 3 views

Adobe Commerce security vulnerability

Adobe Commerce is a globally leading digital commerce solution for businesses and brands from Adobe, a company based in the United States of America. A security bypass vulnerability exists in Adobe Commerce, which could be exploited by an attacker to bypass security measures to view and edit...

CVSS 5.4 · AI score 6.6 · EPSS 0.00385
Exploits: 0 · References: 3
OSV
added 2024/05/03 7:15 p.m. · 4 views

CVE-2021-20451

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643...

CVSS 7.2 · AI score 5.9 · EPSS 0.00504
Exploits: 0 · References: 2
BDU FSTEC
added 2023/11/17 12:0 a.m. · 5 views

The vulnerability of the IBM Security Guardium information protection mechanism lies in its failure to protect the structure of SQL queries. This allows attackers to view, add, modify, or delete information in the internal database.

The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete information in the internal database...

CVSS 8 · AI score 6 · EPSS 0.00429
Exploits: 0 · References: 3 · Affected Software: 1