Lucene search
+L

389 matches found

cnnvd
cnnvd
added 2025/11/14 12:0 a.m.6 views

Synology Contacts for DSM 跨站脚本漏洞

Synology Contacts for DSM is a contact server provided by the Chinese company Synology. There is a security vulnerability in Synology Contacts for DSM, which allows attackers to bypass access restrictions and read or modify files...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/11/11 3:47 a.m.13 views

CVE-2025-12864

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS8.1AI score0.00351EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/10 2:19 a.m.4 views

CVE-2025-12865 e-Excellence|U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS7.8AI score0.00351EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/10 2:15 a.m.8 views

CVE-2025-12864 e-Excellence|U-Office Force - SQL Injection

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS0.00351EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/11/04 12:0 a.m.12 views

PT-2025-48661

Name of the Vulnerable Software and Affected Versions Sprecher Automations SPRECON-E-C Sprecher Automations SPRECON-E-P Sprecher Automations SPRECON-E-T3 Description The software is susceptible to unauthorized remote access due to the use of default cryptographic keys. An attacker can leverage...

9.8CVSS6.8AI score0.00435EPSS
Exploits1References9
nvd
nvd
added 2025/10/30 10:15 p.m.15 views

CVE-2023-7322

Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...

8.7CVSS0.00972EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/10/22 8:18 p.m.6 views

CVE-2025-53058

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Application Logging Interfaces. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

6.1CVSS5.5AI score0.00213EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/10/22 8:18 p.m.6 views

CVE-2025-53065

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

5.4CVSS5.3AI score0.00225EPSS
Exploits0References1
nvd
nvd
added 2025/10/21 8:20 p.m.8 views

CVE-2025-53060

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

6.1CVSS0.00213EPSS
Exploits0References1
nvd
nvd
added 2025/10/21 8:20 p.m.6 views

CVE-2025-53055

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS0.00225EPSS
Exploits0References1
euvd
euvd
added 2025/10/21 8:3 p.m.5 views

EUVD-2025-35269

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

5.4CVSS4.9AI score0.00225EPSS
Exploits0References1
euvd
euvd
added 2025/10/21 8:2 p.m.4 views

EUVD-2025-35282

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Notification Mailer. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow...

6.1CVSS5.1AI score0.00213EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/10/10 4:20 p.m.7 views

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that shou...

8.6CVSS6.9AI score0.00284EPSS
Exploits0References1
osv
osv
added 2025/09/27 1:1 a.m.5 views

CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...

8.1CVSS6.5AI score0.00306EPSS
Exploits0References4
cvelist
cvelist
added 2025/09/23 10:24 p.m.8 views

CVE-2025-55038 AutomationDirect CLICK PLUS Missing Authorization

An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variabl...

7.6CVSS0.00237EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/09/23 12:0 a.m.6 views

PT-2025-39226

Name of the Vulnerable Software and Affected Versions Click Plus C2-03CPU2 version 3.60 Description An authorization bypass exists in the Click Plus C2-03CPU2 device firmware. An authenticated user with low-level access can exploit this issue through the KOPR protocol, used by the Remote PLC...

7.6CVSS6.2AI score0.00237EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/09/17 2:55 a.m.11 views

CVE-2025-10452

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

9.8CVSS7.1AI score0.00604EPSS
Exploits0References1
nvd
nvd
added 2025/09/15 3:15 a.m.5 views

CVE-2025-10452

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

9.8CVSS0.00604EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/15 2:47 a.m.2 views

CVE-2025-10452 Gotac|Statistical Database System - Missing Authentication

Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...

9.8CVSS6.8AI score0.00604EPSS
Exploits0References2
cve
cve
added 2025/09/15 2:47 a.m.23 views

CVE-2025-10452

The CVE-2025-10452 entry concerns Gotac’s Statistical Database System. The connected documents confirm a Missing Authentication vulnerability that allows unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges (CVSS v3.1/4.0 scores CRITICAL). Affe...

9.8CVSS6.8AI score0.00604EPSS
Exploits0References2
Rows per page
Query Builder