Lucene search
K

740 matches found

Cvelist
Cvelist
added 2025/08/01 12:29 p.m.12 views

CVE-2025-41372 SQL injection vulnerability in Gandia Integra Total

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in...

8.7CVSS0.00577EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/30 12:0 a.m.8 views

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to mutual flow blocking, allows a attacker to cause service failures.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to mutual blocking of execution streams. Exploiting this vulnerability can allow an attacker to cause service interruptions...

6.8CVSS5.7AI score0.00238EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/07/30 12:0 a.m.9 views

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to buffer overflow in the stack, allows a attacker to cause service interruptions.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially crafted requests...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/07/30 12:0 a.m.9 views

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server lies in the fact that resources are not released after their useful period has ended. This allows attackers to cause service failures.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability allows a malicious actor to cause service interruptions by...

6.8CVSS5.5AI score0.00291EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2025/07/29 1:38 p.m.15 views

RLSA-2025:3082 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 For more details about the security issues, including the impact, a CVSS score,...

8.1CVSS8.4AI score0.89914EPSS
Exploits10References2
OSV
OSV
added 2025/07/29 1:38 p.m.5 views

RLSA-2024:0974 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL CVE-2024-0985 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

8CVSS7.3AI score0.01465EPSS
Exploits0References2
CNVD
CNVD
added 2025/07/25 12:0 a.m.5 views

WordPress Extensions For CF7 Plugin Path Traversal Vulnerability

WordPress Extensions For CF7 Plugin is a plugin that extends the functionality of Contact Form 7, mainly used to enhance the database management, conditional logic processing and user guidance capabilities of native forms. The WordPress Extensions For CF7 Plugin suffers from a path traversal...

8.1CVSS7AI score0.00777EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/18 12:0 a.m.7 views

Vulnerability of the Server component: The MySQL Server database management system, which allows a hacker to cause service interruptions.

Vulnerability of the MySQL Server component: The DDL system for database management of MySQL Server is vulnerable to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

4CVSS7.1AI score0.00423EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/18 12:0 a.m.5 views

Vulnerability of the Server component: The MySQL Server database management system, which allows a hacker to cause service interruptions.

Vulnerability of the MySQL Server component: The DDL system for database management of MySQL Server is vulnerable to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

6.8CVSS7AI score0.00485EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/07/14 11:50 p.m.53 views

CVE-2025-53889

Summary: CVE-2025-53889 affects Directus up to 11.9.0 where manual trigger Flows do not validate whether the triggering user has read permissions for payload items, potentially allowing unauthorized actions. The issue is fixed in 11.9.0; a workaround is to add permission checks for read access to...

6.5CVSS7.1AI score0.00395EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/14 12:0 a.m.8 views

PT-2025-29528 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.99 Description: Directus is a real-time API and App dashboard for managing SQL database content. The exact Directus version number is exposed by the /server/specs/oas endpoint without authentication in...

5.3CVSS7.2AI score0.00452EPSS
Exploits0References13
Redos
Redos
added 2025/07/03 12:0 a.m.7 views

ROS-20250703-03

A vulnerability in the pgAdmin 4 database management tool is related to improper data cleanup, provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...

6.1CVSS8AI score0.0091EPSS
Exploits0
Redos
Redos
added 2025/07/03 12:0 a.m.6 views

ROS-20250703-01

Vulnerability in Server Mode LDAP authentication configuration of database management tool pgAdmin 4 is related to incorrect session commit as a result of improper access delimitation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security restrictions...

8CVSS7.8AI score0.00447EPSS
Exploits0
Redos
Redos
added 2025/07/01 12:0 a.m.6 views

ROS-20250630-01

A vulnerability in the pgAdmin 4 database management tool exists due to an incorrect restriction of the name of the of the path to a restricted directory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...

9.8CVSS9.6AI score0.64846EPSS
Exploits5
Cvelist
Cvelist
added 2025/06/17 4:31 a.m.21 views

CVE-2025-6160 SourceCodester Client Database Management System user_customer_create_order.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /usercustomercreateorder.php. The manipulation of the argument userid leads to sql injection. The attack may be initiat...

7.5CVSS0.00502EPSS
Exploits1References5
CVE
CVE
added 2025/06/17 4:31 a.m.27 views

CVE-2025-6160

CVE-2025-6160 affects SourceCodester Client Database Management System 1.0. Affects the file /user_customer_create_order.php where manipulation of the user_id parameter enables a SQL injection. The issue can be exploited remotely and, per sources, the exploit has been disclosed publicly. Public m...

9.8CVSS7.5AI score0.00502EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.5 views

SourceCodester Client Database Management System 注入漏洞

SourceCodester Client Database Management System is SourceCodester open source a client database management system . An injection vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from SQL injection due to incorrect manipulation of the paramete...

9.8CVSS7.8AI score0.00502EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.9 views

PT-2025-25618

Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A critical issue has been found in the software, affecting the processing of the file /user customer create order.php. The manipulation of the user id argument leads to S...

9.8CVSS6.8AI score0.00502EPSS
Exploits1References13
NVD
NVD
added 2025/06/16 9:15 a.m.10 views

CVE-2025-40728

SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customersupport/manageuser.php endpoint...

8.8CVSS0.00429EPSS
Exploits0References1
CVE
CVE
added 2025/06/10 10:3 a.m.48 views

CVE-2025-40655

CVE-2025-40655 describes a SQL injection in DM Corporative CMS exploitable through the name parameter of /antcatalogue.asp, enabling an attacker to retrieve, create, update, and delete data in the back-end database. The vulnerability is documented across multiple sources (NVD, Red Hat, CNVD/CNNVD...

9.8CVSS8.1AI score0.00312EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder