Lucene search
K

60 matches found

CNNVD
CNNVD
added 2024/06/24 12:0 a.m.6 views

DataGear Security Breach

DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...

9.8CVSS7AI score0.0282EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2024/06/24 12:0 a.m.20 views

CVE-2024-37759

DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...

7.7AI score0.0282EPSS
Exploits2References2
Prion
Prion
added 2024/03/08 2:15 a.m.18 views

Code injection

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data...

6AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2023/12/14 10:15 p.m.3 views

DEBIAN-CVE-2023-49344

Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present...

7.8CVSS6.3AI score0.00303EPSS
Exploits0References1
Prion
Prion
added 2023/05/11 6:15 p.m.19 views

Cross site scripting

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation...

5.8CVSS6.1AI score0.0049EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.6 views

Rockwell Automation ArmorStart ST 跨站脚本漏洞

Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view and modify sensitive data or...

6.5CVSS6.1AI score0.0062EPSS
Exploits0References3
OSV
OSV
added 2023/01/11 5:15 p.m.5 views

CVE-2022-40615

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208...

9.8CVSS5.9AI score0.00688EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.6 views

Simple Cold Storage Management System SQL注入漏洞

Simple Cold Storage Management System is a simple cold storage management system. A SQL injection vulnerability exists in Simple Cold Storage Management System. An attacker could use this vulnerability to view, add, modify, or delete information in a back-end database...

7.2CVSS7.7AI score0.01066EPSS
Exploits2References4
NVD
NVD
added 2022/10/26 3:15 p.m.36 views

CVE-2022-20811

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...

7.2CVSS0.0066EPSS
Exploits0References1
OSV
OSV
added 2022/10/11 9:15 p.m.5 views

CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

6.1CVSS5.9AI score0.00583EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/10/04 12:0 a.m.6 views

The vulnerability of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of security measures for the website structure, allowing attackers to view, add, modify, or delete data.

The vulnerability of the SAP NetWeaver Enterprise Portal software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely view, add, modify, or delete data...

6.1CVSS6.3AI score0.00794EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/04 12:0 a.m.6 views

The vulnerability of the SAP Enterprise Portal software integration platform lies in its lack of protection for website structures, allowing attackers to view, add, modify, or delete data.

The vulnerability of the SAP Enterprise Portal software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely view, add, modify, or delete data...

6.4CVSS6.3AI score0.00664EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/08/10 8:15 p.m.14 views

Design/Logic Flaw

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...

6.4CVSS9.3AI score0.00626EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.5 views

GARO Wallbox GLB/GTB/GTC 访问控制错误漏洞

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that stems from incorrect access control on the software web manager page. An attacker could use this vulnerability to view and modify...

9.1CVSS8.3AI score0.01068EPSS
Exploits0References2
CVE
CVE
added 2022/03/14 7:20 p.m.103 views

CVE-2022-24742

CVE-2022-24742 affects Sylius open-source eCommerce platforms. Prior to versions 1.9.10, 1.10.11, and 1.11.2, an attacker could view data after logout if the browser tab remains open and the back button is used; the issue is fixed in those versions and later. The available workarounds involve enf...

5.5CVSS4.9AI score0.0079EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/20 3:15 p.m.3 views

CVE-2021-44676

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements e.g., access control details and modify a few aspects of the application state...

9.8CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/20 12:0 a.m.10 views

PT-2021-24145 · Zoho · Zoho Manageengine Access Manager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Access Manager Plus versions prior to 4203 Description: The issue allows anyone to view certain data elements, such as access control details, and modify some aspects of the application state. Recommendations: For versions...

9.8CVSS9.3AI score0.04371EPSS
Exploits0References4
OSV
OSV
added 2021/08/13 4:15 p.m.1 views

CVE-2021-32069

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...

4.8CVSS5.8AI score0.00521EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.4 views

Philips Vue PACS 安全漏洞

Philips Vue PACS is an image management solution from Philips Europe. A security vulnerability exists in Philips Vue PACS. The vulnerability allows an unauthorized person or process to eavesdrop, view or modify data, gain access to the system, execute code, install unauthorized software, or affec...

6.5CVSS7.3AI score0.00653EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.19 views

Philips Vue PACS 安全漏洞

Philips Vue PACS is an image management solution from Philips Europe. A security vulnerability exists in Philips Vue PACS. The vulnerability allows an unauthorized person or process to eavesdrop, view or modify data, gain access to the system, execute code, install unauthorized software, or affec...

9.8CVSS8.7AI score0.00888EPSS
Exploits0References4
Rows per page
Query Builder