Lucene search
+L

117 matches found

RedhatCVE
RedhatCVE
added 2025/09/11 9:30 p.m.5 views

CVE-2025-58462

OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...

9.8CVSS8AI score0.00616EPSS
Exploits0References1
OSV
OSV
added 2025/09/09 9:15 p.m.7 views

CVE-2025-58462

OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...

9.3CVSS5.8AI score0.00616EPSS
Exploits0References3
NVD
NVD
added 2025/09/09 9:15 p.m.6 views

CVE-2025-58462

OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...

9.8CVSS0.00616EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/09 9:9 p.m.4 views

CVE-2025-58462 OPEXUS FOIAXpress PAL SQL injection

OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...

9.8CVSS7.6AI score0.00616EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/09 9:9 p.m.12 views

CVE-2025-58462 OPEXUS FOIAXpress PAL SQL injection

OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...

9.8CVSS0.00616EPSS
Exploits0References3
CVE
CVE
added 2025/09/09 9:9 p.m.25 views

CVE-2025-58462

CVE-2025-58462 affects OPEXUS FOIAXpress Public Access Link (PAL) prior to version 11.13.1.0. A remote, unauthenticated attacker can exploit an SQL injection in the SearchPopularDocs.aspx page to read, write, or delete data in the underlying database. Impact is high for confidentiality, integrity...

9.8CVSS7.5AI score0.00616EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.6 views

OPEXUS FOIAXpress Public Access Link 安全漏洞

OPEXUS FOIAXpress Public Access Link OPEXUS FOIAXpress PAL is a secure, public-facing web portal from OPEXUS that connects organizations with requesters and integrates with payment solutions, including payment solutions. A security vulnerability exists in OPEXUS FOIAXpress Public Access Link prio...

9.8CVSS7.5AI score0.00616EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.9 views

CVE-2025-54832

OPEXUS FOIAXpress Public Access Link PAL, version v11.1.0, allows an authenticated user to add entries to the list of states and territories...

5.3CVSS6.2AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.7 views

CVE-2025-54834

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...

6.9CVSS6.5AI score0.0049EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.7 views

CVE-2025-54833

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...

6.9CVSS6.6AI score0.00534EPSS
Exploits0References1
NVD
NVD
added 2025/07/31 6:15 p.m.17 views

CVE-2025-54833

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...

7.5CVSS0.00534EPSS
Exploits0References3
NVD
NVD
added 2025/07/31 6:15 p.m.10 views

CVE-2025-54834

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...

6.9CVSS0.0049EPSS
Exploits0References3
OSV
OSV
added 2025/07/31 6:15 p.m.7 views

CVE-2025-54833

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...

7.5CVSS5.8AI score0.00534EPSS
Exploits0References3
NVD
NVD
added 2025/07/31 6:15 p.m.12 views

CVE-2025-54832

OPEXUS FOIAXpress Public Access Link PAL, version v11.1.0, allows an authenticated user to add entries to the list of states and territories...

5.3CVSS0.00326EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/31 5:26 p.m.5 views

CVE-2025-54833 OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...

6.9CVSS6.7AI score0.00534EPSS
Exploits0References3
CVE
CVE
added 2025/07/31 5:26 p.m.26 views

CVE-2025-54833

OPEXUS FOIAXpress PAL v11.1.0 has a vulnerability where unauthenticated remote attackers can bypass account-lockout and CAPTCHA protections, enabling brute-force password attempts. Vendor statements indicate this was addressed in June 2025 release, v11.12.3.0 (upgrade recommended).

7.5CVSS6.7AI score0.00534EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/07/31 5:26 p.m.13 views

CVE-2025-54833 OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...

6.9CVSS0.00534EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/31 5:26 p.m.6 views

CVE-2025-54834 OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...

6.9CVSS6.6AI score0.0049EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/31 5:26 p.m.12 views

CVE-2025-54834 OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration

OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...

6.9CVSS0.0049EPSS
Exploits0References3
CVE
CVE
added 2025/07/31 5:26 p.m.25 views

CVE-2025-54834

CVE-2025-54834 affects OPEXUS FOIAXpress PAL v11.1.0. An unauthenticated attacker can query the /App/CreateRequest.aspx endpoint to enumerate valid usernames due to absent rate limiting. Impact is exposure of user existence; CVSS vectors cited in public records show network access with low to mod...

6.9CVSS6.6AI score0.0049EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder