Lucene search
K

808 matches found

RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.5 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

5.3CVSS5.3AI score0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 4:15 a.m.3 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

5.3CVSS5.7AI score
Exploits0References1
NVD
NVD
added 2026/02/09 4:15 a.m.8 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

5.3CVSS0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 3:13 a.m.16 views

CVE-2025-66605

CVE-2025-66605 affects Yokogawa FAST/TOOLS, specifically the components/packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, in versions R9.01–R10.04. The public descriptions indicate a client-side issue where input fields with the autocomplete attribute enabled may cause entered data to be saved in t...

5.3CVSS5.2AI score0.00169EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/09 3:13 a.m.5 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

2.1CVSS5.3AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 3:13 a.m.3 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

2.1CVSS5.2AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/09 3:13 a.m.30 views

CVE-2025-66605

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

2.1CVSS0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7053

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since there are input fields on this webpage with the autocomplete attribute enabled, the input content could be saved in the browser the user is using. The affected products and versions are as follows:...

2.1CVSS5.3AI score0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.5 views

Yokogawa FAST/TOOLS 安全漏洞

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the use of autocomplete features for web...

5.3CVSS5.8AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.7 views

CVE-2026-25514

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.8CVSS5.5AI score0.00473EPSS
Exploits3References1
NVD
NVD
added 2026/02/04 8:16 p.m.8 views

CVE-2026-25514

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.8CVSS0.00473EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/02/04 7:59 p.m.28 views

CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.7CVSS0.00473EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/02/04 7:59 p.m.5 views

CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.7CVSS5.6AI score0.00473EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/02/04 7:59 p.m.3 views

CVE-2026-25514

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.7CVSS5.6AI score0.00473EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2026/02/04 7:59 p.m.30 views

CVE-2026-25514

FacturaScripts (open-source ERP) contains a SQL injection in the autocomplete action via CodeModel::all() where user-controlled values are concatenated into SQL. Affected versions are prior to 2025.81; authenticated attackers can extract data including credentials, configuration, and business dat...

8.8CVSS5.6AI score0.00473EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2026/02/04 7:59 p.m.5 views

CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.7CVSS5.6AI score0.00473EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.6 views

CVE-2025-52623

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

6.5CVSS5.4AI score0.00151EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 7:16 p.m.3 views

CVE-2025-52623

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

6.5CVSS5.8AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2025-52623

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

6.5CVSS0.00151EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/03 6:17 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the all function. An attacker can extract sensitive information from the database, including user credentials, configuration settings, and business data by injecting malicious SQL queries through user-controlled...

8.8CVSS5.8AI score0.00473EPSS
Exploits3References2
Rows per page
Query Builder