Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2026-8907

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

6.1CVSS5.5AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2025/06/10 11:7 p.m.94 views

CVE-2025-47849

CVE-2025-47849 (Apache CloudStack) : Privilege escalation affects CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin in the ROOT domain can obtain the API key and secret key of Admin-role accounts in the same domain, enabling impersonation and access to sensitive APIs and res...

8.8CVSS6.9AI score0.00499EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/29 12:0 a.m.5 views

The vulnerability of the UpdateTraceLevelSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UpdateTraceLevelSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...

9CVSS6.1AI score0.0049EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/04/16 6:16 p.m.3 views

CVE-2025-32863

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.7CVSS5.8AI score0.0049EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.4 views

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the UpdateTraceLevelSettings method, which can be exploited by an attacker to bypass...

8.8CVSS8.4AI score0.0049EPSS
Exploits0References2
Rows per page
Query Builder