6 matches found

ATTACKERKB
added 2026/03/27 12:0 a.m. · 2 views

CVE-2026-30689

In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end...

CVSS 7.5 · AI score 5.8 · EPSS 0.00277
Exploits 1 · References 5
Positive Technologies
added 2025/08/23 12:0 a.m. · 6 views

PT-2025-34502 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131; Liferay DXP versions 2024.Q1.1 through 2024.Q1.15; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.1 through 2024.Q3.13; Liferay DXP versions 2024.Q4.0 through...

CVSS 5.1 · AI score 5.8 · EPSS 0.00296
Exploits 0 · References 9
OSV
added 2025/04/29 8:15 p.m. · 3 views

CVE-2024-57698

An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the...

CVSS 7.5 · AI score 5.8 · EPSS 0.00344
Exploits 1 · References 1
BDU FSTEC
added 2023/07/26 12:0 a.m. · 5 views

The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways, related to the lack of protection for administrative data, allows a hacker to read the administrator’s password hash.

The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System’s global network gateways is related to the lack of protection for administrative data. Exploiting this vulnerability allows a malicious actor to read the administrator’s password hash throu...

CVSS 6.8 · AI score 7.2 · EPSS 0.01172
Exploits 0 · References 4 · Affected Software 2
ATTACKERKB
added 2021/06/18 8:0 a.m. · 3 views

CVE-2021-3604

Secure 8 Evalos does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database...

CVSS 9.8 · AI score 5.8 · EPSS 0.01634
Exploits 1 · References 3 · Affected Software 1
CNVD
added 2019/02/20 12:0 a.m. · 3 views

SQL Injection Vulnerability in the front-end pa***.asp file of Eco Times Enterprise Online Bookkeeping Management System

EcoTime Enterprise Online Bookkeeping Management System is an online bookkeeping software for small and medium-sized enterprises, stores, etc. It is suitable for managing cash flow accounts, accounts receivable and payable accounts, as well as company bookkeeping and other related financial...

AI score 8
Exploits 0