Lucene search
K

3908 matches found

CVE
CVE
added 2026/05/26 7:36 p.m.16 views

CVE-2026-9642

Delta Electronics DIAView has a reported vulnerability where unverified remote attackers can access the configured database due to a security flaw in the DIAView software. The available public document describes unauthenticated remote access to the database as the impact. No concrete fix/mitigati...

5.8AI score0.00053EPSS
Exploits0
EUVD
EUVD
added 2026/05/26 7:36 p.m.18 views

EUVD-2026-31970

There is a mitigation bypass / incomplete fix for CVE-2025-62582 Unauthenticated Remote Database Access An unauthenticated remote attacker can access configured databases in a DIAView project...

9.8CVSS5.8AI score0.00485EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 7:36 p.m.9 views

CVE-2026-9642

...

5.8AI score0.00053EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.9 views

CVE-2018-25348 Joomla! Component Ek Rishta 2.10 SQL Injection via user_detail

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.7 views

CVE-2026-48234

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/listrequests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics ...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.21 views

PT-2026-42519

Name of the Vulnerable Software and Affected Versions Open ISES Tickets versions prior to 3.44.2 Description The software contains hardcoded MySQL database credentials within the loader.php file, which is a public-facing database utility committed to the source repository. An unauthenticated...

9.2CVSS5.9AI score0.00305EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in the dbloader.php file—ticketsdb, ticketshost, ticketsuser, a...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 1:25 a.m.16 views

CVE-2026-8685

The CVE-2026-8685 entry concerns the Infility Global plugin for WordPress. It exposes an SQL Injection vulnerability via the 'orderby' and 'order' parameters in all versions up to 2.15.16. The root cause is insufficient escaping of user-supplied parameters and lack of proper preparation in the sh...

6.5CVSS5.9AI score0.00359EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/19 12:59 p.m.10 views

EUVD-2026-30927

Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond wi...

8.7CVSS6AI score0.00598EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/05/15 6:23 p.m.9 views

CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 6:23 p.m.24 views

CVE-2026-44718

Mathesar prior to 0.10.0 contains an access control flaw: from 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user is a collaborator on the exploration’s database. An authenticated user on ...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:23 p.m.45 views

CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...

5.3CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 10:35 a.m.47 views

CVE-2025-68420 Privilege Escalation in Comarch ERP Optima

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...

7.5CVSS0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 10:35 a.m.10 views

CVE-2025-68420

Comarch ERP Optima client connects to a database using a high privileged account regardless of an application account to which a user logs in. It is possible for a local attacker who controls the client process to dump it's memory, extract credentials and use them to gain a privileged access to t...

7.5CVSS5.7AI score0.00114EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 10:35 a.m.19 views

CVE-2025-68420

Summary: CVE-2025-68420 affects the Comarch ERP Optima client, where the client connects to a database using a high-privilege account regardless of the user’s application account. A local attacker-controlled client process can dump memory, extract credentials, and gain privileged database access....

7.5CVSS5.7AI score0.00114EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Comarch ERP Optima 安全漏洞

Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of high-privilege accounts to...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40903

Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials cannot be changed. It is possible for a remote attacker to gain an access to the database with elevated privileges including executing system commands on a server. This issue has been fixed in...

8.7CVSS5.8AI score0.00229EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 9:32 p.m.16 views

EUVD-2026-30094

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

8.6CVSS6.1AI score0.00248EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.10 views

CVE-2026-44221

ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an...

9CVSS5.8AI score0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 7:4 p.m.11 views

CVE-2026-0242

Summary: CVE-2026-0242 describes a SQL injection in Trust Protection Foundation. The authenticated attacker can execute arbitrary SQL against the product database, potentially leading to data exposure, data integrity modification, and privilege escalation to full administrative control of the pla...

8.6CVSS6.1AI score0.00248EPSS
Exploits0References1
Rows per page
Query Builder