54 matches found
CVE-2026-15553
The CVE-2026-15553 entry concerns Ragic’s Enterprise Cloud Database with an Arbitrary File Upload vulnerability that allows unauthenticated remote attackers to upload malicious files and have them downloaded by users. Affected component is the Cloud Database service; the root cause is an insecure...
EUVD-2026-43270
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...
CVE-2026-15552 Ragic|Enterprise Cloud Database - Stored Cross-Site Scripting
Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...
EUVD-2026-42262
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...
CVE-2026-56775 n8n - Incorrect OAuth Scope Validation in Evaluation Test Runs Endpoints
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...
GHSA-664H-GPGQ-H6XX n8n: Wrong OAuth Scope on Evaluation Test Runs Endpoints
Impact Three mutating endpoints in the evaluation test runs controller authorized state-changing actions using workflow:read instead of the action-appropriate workflow:execute scope. An authenticated user with project:viewer role on a project could start new evaluation test runs, cancel in-flight...
CVE-2026-9550 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...
CVE-2026-9550
CVE-2026-9550 affects Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The issue involves path traversal in a component handling the file path /SubstationWEBV2/app/..;/main/upfile, caused by manipulation of the argument path. The vulnerability permits...
EUVD-2026-31782
A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...
CVE-2026-9523
A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...
EUVD-2026-26833
A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...
Lenovo Filez 安全漏洞
Lenovo Filez is an enterprise cloud storage service provided by Lenovo Corporation. Lenovo FileZ has a security vulnerability, which stems from the possibility for locally authenticated users under certain conditions to retrieve sensitive data stored in log files...
Lenovo Filez 安全漏洞
Lenovo Filez is an enterprise cloud storage service provided by Lenovo Corporation. There is a security vulnerability in Lenovo Filez, which stems from improper certificate verification. This vulnerability may allow users who are capable of intercepting network traffic to access sensitive user da...
Chanjet TPlus code issue vulnerabilities
Chanjet TPlus is an enterprise cloud platform developed by Chanjet Corporation. Versions of Chanjet TPlus 16.x and earlier contained a code vulnerability caused by a .NET deserialization issue in the AjaxPro endpoint, which could lead to remote code execution...
CVE-2025-15016
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-15016
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-15016 Ragic|Enterprise Cloud Database - Hard-coded Cryptographic Key
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-15016
The CVE-2025-15016 entry relates to Ragic’s Enterprise Cloud Database, which is vulnerable due to a hard-coded cryptographic key that can be exploited by unauthenticated remote attackers to generate authentication data and log in as any user. Affected component: Ragic Enterprise Cloud Database (c...
EUVD-2025-204688
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-15015 Ragic|Enterprise Cloud Database - Arbitrary File Read
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...