Lucene search
K

3908 matches found

Cvelist
Cvelist
added 2026/04/28 1:13 p.m.31 views

CVE-2026-40552 Remote Code Execution in mpGabinet

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

4.7CVSS0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:13 p.m.6 views

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

8.4CVSS5.8AI score0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 1:13 p.m.7 views

EUVD-2026-26046

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

6.9CVSS5.8AI score0.00286EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

BinSoft mpGabinet 安全漏洞

BinSoft mpGabinet is a medical clinic management system developed by the Polish company BinSoft. Versions of BinSoft mpGabinet prior to December 23, 2019, contained security vulnerabilities. These vulnerabilities stemmed from excessive user database permissions assigned to the application...

6.9CVSS5.8AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.14 views

PT-2026-35720

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...

6.9CVSS5.3AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35722

Some increased actor activities are shown targeting BinSoft mpGabinet CVE-2026-40552 https://t.co/mUbccZwq7B...

4.7CVSS5.1AI score0.00286EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/24 3:41 p.m.13 views

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field

Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a...

9.1CVSS5.6AI score0.00424EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2026/04/24 12:5 a.m.15 views

CVE-2026-31952

Vulnerability: CVE-2026-31952 affects Xibo CMS. Versions 1.7–4.4.0 expose an SQL injection in the API routes responsible for Filtering DataSets. An authenticated user with either the Access to DataSet Feature or Access to the Layout Feature privilege can inject crafted values to extract/modify da...

8.1CVSS5.9AI score0.00246EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/23 5:16 a.m.9 views

CVE-2026-40529

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...

5.1CVSS0.00161EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

KANATA CMS ALAYA SQL注入漏洞

KANATA CMS ALAYA is a digital content management platform for enterprises developed by KANATA Corporation in Japan. CMS ALAYA has a SQL injection vulnerability. This vulnerability stems from SQL injections, and it could allow attackers with access to the management interface to obtain or modify...

5.1CVSS5.9AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 2:57 p.m.7 views

CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 3:36 a.m.28 views

CVE-2026-6834 aEnrich|a+HRD - Missing Authorization

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1CVSS0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 6:31 p.m.5 views

EUVD-2025-209544

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

9.3CVSS5.8AI score0.00238EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 2:59 p.m.31 views

CVE-2025-41029 SQL injection in Zeon Academy Pro by Zeon Global Tech

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

9.3CVSS0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-33991

SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameter 'phonenumber' in '/private/continue-upload.php'...

9.3CVSS5.8AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

Digiwin EasyFlow .NET 安全漏洞

Digiwin EasyFlow .NET is an enterprise-level Workflow Management platform developed by Digiwin in Taiwan, China. There is a security vulnerability in Digiwin EasyFlow .NET, which stems from SQL injection attacks. This vulnerability could allow unverified remote attackers to inject arbitrary SQL...

9.8CVSS6AI score0.00366EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/20 12:0 a.m.5 views

PraisonAI SQL Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...

9.8CVSS5.7AI score0.00533EPSS
Exploits1
Veracode
Veracode
added 2026/04/18 5:38 a.m.6 views

SQL Injection

PraisonAI is vulnerable to SQL Injection. The vulnerability is due to unsafe concatenation of the tableprefix configuration value into SQL queries without validation, which allows an attacker to inject arbitrary SQL and manipulate or access database contents...

9.8CVSS5.8AI score0.00297EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:38 a.m.3 views

CVE-2025-15625

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases...

9.5CVSS5.9AI score0.0042EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

Anviz CrossChex Standard 安全漏洞

Anviz CrossChex Standard is a centralized control software developed by Anviz Corporation in the United States, used for access control and attendance data management. Anviz CrossChex Standard has a security vulnerability. This vulnerability arises from the ability of attackers to manipulate the...

7.5CVSS5.8AI score0.0021EPSS
Exploits0References1
Rows per page
Query Builder