Lucene search
K

86 matches found

NVD
NVD
added 2025/12/02 1:15 p.m.5 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 1:12 p.m.2 views

CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.5AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.4 views

TCMAN GIM 信息泄露漏洞

TCMAN GIM is a management system from the Spanish company TCMAN. An information disclosure vulnerability exists in TCMAN GIM version v11 20250304, which originates from an unauthenticated attacker being able to determine if a user exists via the pda:username parameter...

7.5CVSS6.2AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.6 views

PT-2025-48680

Name of the Vulnerable Software and Affected Versions TCMAN GIM version 20250304 Description An unauthenticated attacker can determine if a user exists on the system. This is achieved by utilizing the pda:userId and pda:newPassword parameters with the 'soapaction UnlockUser’ within the...

8.7CVSS6.7AI score0.00218EPSS
Exploits0References3
NVD
NVD
added 2025/11/04 7:15 a.m.5 views

CVE-2025-20744

In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542...

4.2CVSS0.00078EPSS
Exploits0References1
OSV
OSV
added 2025/11/04 7:15 a.m.4 views

CVE-2025-20744

In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542...

4.2CVSS5.8AI score
Exploits0References1
CVE
CVE
added 2025/11/04 6:19 a.m.12 views

CVE-2025-20744

The CVE-2025-20744 entry concerns the pda component with a use-after-free in privileged context leading to local escalation of privilege. The advisory indicates that a malicious actor who already has System privileges can exploit this without user interaction; no exploit vectors or in-wild detail...

4.2CVSS6.3AI score0.00078EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/04 6:19 a.m.4 views

CVE-2025-20744

In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542...

6.3AI score0.00078EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/04 12:0 a.m.5 views

PT-2025-44983

Name of the Vulnerable Software and Affected Versions pda affected versions not specified Description There is a potential for privilege escalation due to a use-after-free condition in pda. Successful exploitation could allow a malicious actor with System privileges to gain local escalation of...

4.2CVSS6.4AI score0.00078EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-4147

Malware in sbrugna...

7.8CVSS6.4AI score0.02084EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2001-0987

Malware in sbrugna...

5CVSS6.4AI score0.01096EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2002-1953

Malware in sbrugna...

10CVSS6.4AI score0.02766EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-25013

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00063EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in @zalastax/nolb-pda (npm)

The package @zalastax/nolb-pda was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-13099 Malicious code in @zalastax/nolb-pda (npm)

The package @zalastax/nolb-pda was found to contain malicious code...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.5 views

WordPress plugin Prevent Direct Access 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.2AI score0.00246EPSS
Exploits0References5
OSV
OSV
added 2024/11/01 2:15 p.m.11 views

CVE-2024-10655

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclose...

9.8CVSS5.7AI score0.00543EPSS
Exploits1References4
OSV
OSV
added 2024/11/01 4:15 a.m.4 views

CVE-2024-10617

A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/checkseal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publi...

9.8CVSS5.7AI score0.00543EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.4 views

TONGDA Office Anywhere SQL注入漏洞

TONGDA Office Anywhere is a collaborative office OA system of China Tongda TONGDA. TONGDA Office Anywhere suffers from a SQL injection vulnerability, which originates from the mrid parameter of the /pda/meeting/apply.php page containing a SQL injection vulnerability...

9.8CVSS7AI score0.00686EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/01 12:0 a.m.5 views

TONGDA Office Anywhere SQL注入漏洞

TONGDA Office Anywhere is a collaborative office OA system of China Tongda TONGDA. TONGDA Office Anywhere suffers from a SQL injection vulnerability, which originates from a SQL injection vulnerability in the repid parameter of the /pda/reportshop/new.php page...

9.8CVSS7AI score0.00543EPSS
Exploits1References4
Rows per page
Query Builder