99 matches found
CVE-2025-42885
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)
Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...
EUVD-2022-6966
Malicious code in bioql PyPI...
CVE-2024-4598
An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between...
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
SUSE SLES15: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2025:03019-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03019-1 advisory. Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child...
SUSE SLES12: postgresql14 / postgresql14-contrib / postgresql14-devel / etc (SUSE-SU-2025:03020-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03020-1 advisory. Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. -...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.19: CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code in...
CVE-2025-20348 Cisco Nexus Dashboard Unauthorized REST API Vulnerability
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...
AZL-66321 CVE-2025-8713 affecting package postgresql for versions less than 14.19-1
PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...
PT-2025-32386 · Mitel · Micollab +1
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 9.8.2.12 Description: A vulnerability exists in the NuPoint Unified Messaging NPM component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...
CVE-2025-52913
The CVE-2025-52913 affects Mitel MiCollab’s NuPoint Unified Messaging (NPM) component up to version 9.8 SP2 (9.8.2.12). The root cause is insufficient input validation, enabling an unauthenticated attacker to perform a path traversal attack. Exploitation could grant unauthorized access to view, c...
D-Link DI-7003GV2 安全漏洞
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates in the file /H5/stateview.data function sub41E304, which is not sufficiently protected for sensitive information and can be exploited by an...
REDCap 安全漏洞
REDCap is a data collection and management web application from REDCap open source. A security vulnerability exists in REDCap version 14.9.6, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows an attacker to send a CSV file to the victim to view...
IBM Concert 安全漏洞
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. A...
PT-2024-10843 · WordPress · Indeed Membership Pro
Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...
CVE-2024-7960
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not...
Adobe Commerce 安全漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which could be exploited by an attacker to bypass security measures to view and edit...
CVE-2021-20451
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643...
The vulnerability of the IBM Security Guardium information protection mechanism lies in its failure to protect the structure of SQL queries. This allows attackers to view, add, modify, or delete information in the internal database.
The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete information in the internal database...