Lucene search
K

4 matches found

NVD
NVD
added 2025/07/29 5:15 a.m.26 views

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

9.1CVSS0.00391EPSS
Exploits0References5
CVE
CVE
added 2025/07/29 5:0 a.m.30 views

CVE-2025-8264

CVE-2025-8264 affects z-push/z-push-dev prior to version 2.7.6 due to unparameterized queries in the IMAP backend, enabling SQL Injection via the username field in basic authentication. Impact stated as attacker could access and potentially modify or delete data in a linked third-party database. ...

9.1CVSS7.5AI score0.00391EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/29 5:0 a.m.29 views

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

9.1CVSS0.00391EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/07/29 5:0 a.m.3 views

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

9.1CVSS7.5AI score0.00391EPSS
Exploits0References5
Rows per page
Query Builder