Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40839

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:57 a.m.30 views

CVE-2026-40839 Authenticated SQLi in getComponentScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:57 a.m.8 views

CVE-2026-40839

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 7:57 a.m.17 views

CVE-2026-40839

The CVE-2026-40839 entry describes a SQL Injection in the getComponentScalings function. An unauthenticated/low-privileged remote attacker can leverage improper neutralization of input in a SQL SELECT, potentially leading to total confidentiality loss. The vulnerability is noted with CVSS 3.1 bas...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:57 a.m.11 views

EUVD-2026-32138

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43605

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.5 views

CVE-2025-48615

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.8AI score0.00098EPSS
Exploits0References1
NVD
NVD
added 2025/12/08 5:16 p.m.4 views

CVE-2025-48615

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00098EPSS
Exploits0References1
CVE
CVE
added 2025/12/08 4:57 p.m.21 views

CVE-2025-48615

Technical details (affected product/version, root cause, exploitability, impact, patch) for CVE-2025-48615 are not publicly provided in the supplied documents. The CVE is referenced in patch previews but no specifics are available here.

7.8CVSS6.5AI score0.00098EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.6 views

PT-2025-43493

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems due to insufficient input validation. Exploitation of this issue may allow an attacker to escalate privileges...

7.8CVSS6.5AI score0.00098EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-26892

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00082EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 8:15 p.m.14 views

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS0.00082EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.7 views

PT-2025-36090

Name of the Vulnerable Software and Affected Versions: AccessibilitySettingsUtils.java affected versions not specified Description: A logic error in the getComponentName function within AccessibilitySettingsUtils.java may allow a malicious Talkback service to be enabled instead of the system...

7.8CVSS6.3AI score0.00082EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.7 views

The vulnerability in the implementation of the get_component_fields method of the comments module in the Netcat CMS system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the getcomponentfields method in the comments module of the Netcat CMS system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information from...

9.1CVSS5.6AI score
Exploits0References1Affected Software1
OSV
OSV
added 2012/07/19 7:55 p.m.2 views

DEBIAN-CVE-2012-4024

Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...

6.8CVSS8.2AI score0.04047EPSS
Exploits0References1
Rows per page
Query Builder