389 matches found
Synology Contacts for DSM 跨站脚本漏洞
Synology Contacts for DSM is a contact server provided by the Chinese company Synology. There is a security vulnerability in Synology Contacts for DSM, which allows attackers to bypass access restrictions and read or modify files...
CVE-2025-12864
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-12865 e-Excellence|U-Office Force - SQL Injection
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-12864 e-Excellence|U-Office Force - SQL Injection
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2025-48661
Name of the Vulnerable Software and Affected Versions Sprecher Automations SPRECON-E-C Sprecher Automations SPRECON-E-P Sprecher Automations SPRECON-E-T3 Description The software is susceptible to unauthorized remote access due to the use of default cryptographic keys. An attacker can leverage...
CVE-2023-7322
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check coul...
CVE-2025-53058
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Application Logging Interfaces. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2025-53065
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2025-53060
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
CVE-2025-53055
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
EUVD-2025-35269
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
EUVD-2025-35282
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Notification Mailer. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow...
CVE-2025-59968
A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that shou...
CVE-2025-59945 SysReptor Susceptible to Privilege Escalation by Authenticated Users
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...
CVE-2025-55038 AutomationDirect CLICK PLUS Missing Authorization
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variabl...
PT-2025-39226
Name of the Vulnerable Software and Affected Versions Click Plus C2-03CPU2 version 3.60 Description An authorization bypass exists in the Click Plus C2-03CPU2 device firmware. An authenticated user with low-level access can exploit this issue through the KOPR protocol, used by the Remote PLC...
CVE-2025-10452
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...
CVE-2025-10452
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...
CVE-2025-10452 Gotac|Statistical Database System - Missing Authentication
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges...
CVE-2025-10452
The CVE-2025-10452 entry concerns Gotac’s Statistical Database System. The connected documents confirm a Missing Authentication vulnerability that allows unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges (CVSS v3.1/4.0 scores CRITICAL). Affe...