Lucene search
K

231 matches found

Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.6 views

PT-2024-37615 · Pepperl+Fuchs · Oit1500-F113-B12-Cb +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. Recommendations: At the moment,...

9.8CVSS7.2AI score0.00581EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/06/11 5:21 a.m.15 views

CVE-2024-31402

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos...

6.3AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2024/05/30 4:15 a.m.21 views

CVE-2024-3269

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...

5.4CVSS5.5AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/30 3:34 a.m.28 views

CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...

5.4CVSS5.5AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.18 views

PT-2024-5292 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 7.6.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to bypass security restrictions a...

8.7CVSS7.1AI score0.03592EPSS
Exploits0References10
OSV
OSV
added 2024/05/03 7:15 p.m.4 views

CVE-2021-20451

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 196643...

7.2CVSS5.9AI score0.00504EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/05/02 12:0 a.m.7 views

Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, which allows attackers to gain unauthorized access for reading, adding, modifying, or deleting protected information.

The vulnerability of the Server component, specifically the Security: Privileges section of the Oracle MySQL Server database management system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, add,...

4.7CVSS6AI score0.0062EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.10 views

PT-2024-22976 · Abast · Scan Visio Edocument Suite Web Viewer

Name of the Vulnerable Software and Affected Versions: SCAN VISIO eDocument Suite Web Viewer of Abast affected versions not specified Description: A SQL Injection issue has been discovered, allowing an unauthenticated user to retrieve, update, and delete all database information. This issue was...

9.8CVSS8.2AI score0.00548EPSS
Exploits0References6
OSV
OSV
added 2024/02/15 3:15 a.m.2 views

CVE-2024-26262

EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even...

8.8CVSS5.9AI score0.00771EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/02/09 12:0 a.m.6 views

The vulnerability of the synchronization application for Qsync Central files arises from the improper assignment of permissions to the critical resource. This allows a malicious actor to gain access to read, modify, or delete data.

The vulnerability of the Qsync Central file synchronization application is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker who operates remotely to gain access to read, modify, or delete data...

9CVSS7.5AI score0.01014EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/24 12:0 a.m.5 views

The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

6.4CVSS6.8AI score0.00168EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/22 12:0 a.m.6 views

The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite system for enterprise automation activities is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gai...

6.5CVSS6.9AI score0.00322EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/12/21 12:0 a.m.6 views

The vulnerability of the SMS sending function in OMICARD’s marketing messaging system allows a hacker to execute arbitrary SQL code and gain access to read, modify, or delete data.

The vulnerability of the SMS sending function in OMICARD’s marketing messaging system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code and gain access to read, modify, or delete data...

10CVSS8.2AI score0.01062EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/17 12:0 a.m.8 views

The vulnerability of the IBM Security Guardium information protection mechanism lies in its failure to protect the structure of SQL queries. This allows attackers to view, add, modify, or delete information in the internal database.

The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely access, view, add, modify, or delete information in the internal database...

8CVSS6AI score0.00429EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/01 12:0 a.m.6 views

The vulnerability of the SAP CommonCryptoLib library, related to deficiencies in authentication procedures, allows attackers to read, modify, or delete data with limited access.

The vulnerability of the SAP CommonCryptoLib library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to read, modify, or delete data with limited access...

10CVSS7.7AI score0.00748EPSS
Exploits0References3Affected Software8
CNNVD
CNNVD
added 2023/10/05 12:0 a.m.6 views

Online Pizza Ordering System SQL注入漏洞

Online Pizza Ordering System is an online pizza ordering system. Online Pizza Ordering System suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database via scripting...

9.8CVSS7.5AI score0.00409EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.4 views

PT-2023-7766 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the User macros function in Nagios XI, which has insufficient access control. This can be exploited by a remote attacker to read, modify, or delete data, or cause ...

5.5CVSS6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.4 views

PT-2023-6624 · Sap · Sap Commoncryptolib

Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib affected versions not specified Description: The issue is related to insufficient authorization checks in the SAP CommonCryptoLib library. This can lead to an escalation of privileges, allowing a remote attacker to read,...

10CVSS7.3AI score0.00748EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.5 views

PT-2023-18697 · WordPress · Wp Directory Kit

Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is due to missing or incorrect nonce validation on the admin page display function, making it possible for unauthenticated attackers to delete o...

5.4CVSS6.2AI score0.00294EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.10 views

PT-2023-20582 · WordPress · Kivicare

Name of the Vulnerable Software and Affected Versions: KiviCare WordPress plugin versions prior to 3.2.1 Description: The issue concerns the lack of CSRF checks in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes...

8.8CVSS9AI score0.00389EPSS
Exploits2References3
Rows per page
Query Builder