Lucene search
K

130 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/22 3:36 a.m.4 views

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 3:36 a.m.10 views

CVE-2026-6834

Technical details about CVE-2026-6834 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are detailed here; monitor for updates.

7.1CVSS5.8AI score0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 3:32 a.m.34 views

CVE-2026-6833 aEnrich|a+HRD - SQL Injection

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS0.00278EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 3:32 a.m.31 views

CVE-2026-6833

CVE-2026-6833 concerns the a+HRD product developed by aEnrich, described across multiple sources as a SQL Injection vulnerability. The issue affects the application’s ability to read database contents via arbitrary SQL commands when authenticated remotely. Official metrics indicate CVSS v3.1 base...

7.1CVSS6AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.16 views

PT-2026-34246

CVE-2026-6833 The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. https://t.co/t19jGHdUjW...

7.1CVSS6.1AI score0.00278EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a comprehensive human resource development solution provided by aEnrich Corporation. aEnrich a+HRD has a security vulnerability; this vulnerability stems from lack of authorization, which may allow authenticated remote attackers to arbitrarily read database content through specif...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30958

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

8.8CVSS6AI score0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 12:17 a.m.32 views

CVE-2026-24309 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced...

6.4CVSS0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may allow authenticated...

5CVSS5.8AI score0.0023EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24155

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description An authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system due to a...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.4 views

CVE-2026-20003

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.7 views

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

6.5CVSS6AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.9 views

EUVD-2026-9424

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

6.5CVSS6AI score0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 6:16 p.m.12 views

CVE-2026-20003

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 5:18 p.m.3 views

CVE-2026-20003

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 5:18 p.m.30 views

CVE-2026-20003

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS0.00281EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 5:18 p.m.12 views

CVE-2026-20003

Cisco Secure FMC Software’s REST API vulnerability enables authenticated remote SQL injection due to insufficient input validation. An attacker with valid credentials (Administrator, Security approver, Intrusion admin, Access admin, Network admin) could send crafted requests to read the database ...

4.9CVSS6AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:18 p.m.3 views

CVE-2026-20003

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:3 p.m.5 views

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

6.5CVSS6AI score0.00324EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.15 views

PT-2026-22967

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

4.9CVSS6AI score0.00281EPSS
Exploits0References1
Rows per page
Query Builder