Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2025/08/05 8:6 a.m.3 views

CVE-2025-41698 Draeger: ICMHelper is vulnerable to a privilege escalation due too missing authorization

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed...

7.8CVSS6.9AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2025/07/08 12:38 a.m.20 views

CVE-2025-42986

CVE-2025-42986 concerns SAP BASIS with a missing authorization check in an obsolete RFC-enabled function module. The root cause allows an authenticated, low-privilege attacker to invoke a Remote Function Call (RFC) and potentially access restricted system information. The documented impact is lim...

4.3CVSS6.4AI score0.00202EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/04/16 6:16 p.m.8 views

CVE-2025-32829

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, t...

8.8CVSS0.00683EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 5:37 p.m.52 views

CVE-2025-32831

The CVE-2025-32831 flaw affects Siemens TeleControl Server Basic (versions prior to 3.1.2.2), with SQL injection via the internal UpdateProjectUserRights method. Attackers authenticated to the system could read/write the application DB and execute code with NT AUTHORITY\NetworkService permissions...

8.8CVSS8.1AI score0.00683EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/16 5:37 p.m.6 views

CVE-2025-32825

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

8.8CVSS8.8AI score0.00683EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 5:37 p.m.11 views

CVE-2025-31349

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

8.8CVSS0.00732EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 5:37 p.m.52 views

CVE-2025-30032

CVE-2025-30032 affects Siemens TeleControl Server Basic (versions prior to 3.1.2.2). The vulnerability is a SQL injection in the internal UpdateDatabaseSettings method, allowing an authenticated remote attacker to bypass authorization, read/write the application database, and execute code with NT...

8.8CVSS8.8AI score0.00732EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2016/10/13 12:0 a.m.4 views

Android Fingerprint Login Feature Vulnerable

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. There is a security vulnerability in the Android fingerprint login feature. An attacker in close physical proximity can exploit the vulnerability to authorize as an arbitrary user...

7.8CVSS6.6AI score0.00189EPSS
Exploits0References1
Rows per page
Query Builder