Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/03/10 12:19 a.m.38 views

CVE-2026-27689 Denial of service (DOS) in SAP Supply Chain Management

Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...

7.7CVSS0.00368EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-9419

Malware in sbrugna...

8.1CVSS7.7AI score0.01432EPSS
Exploits0References4
OSV
OSV
added 2024/01/03 2:15 a.m.2 views

CVE-2023-41776

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2023/10/27 4:15 a.m.18 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8CVSS8.7AI score0.00553EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/27 4:15 a.m.7 views

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

8.8CVSS7.2AI score0.00597EPSS
Exploits0References2
Prion
Prion
added 2023/10/27 4:15 a.m.23 views

Unrestricted file upload

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

6.5CVSS8.6AI score0.00553EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.6 views

PT-2023-30232 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 12.0.4 SugarCRM versions prior to 13.0.2 Description: A Server Site Template Injection SSTI issue has been identified in the GecControl action, allowing custom PHP code injection via the GetControl action due to...

8.8CVSS9AI score0.00597EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/10/27 12:0 a.m.13 views

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

7.4AI score0.00597EPSS
Exploits0References1
securityvulns
securityvulns
added 2003/08/19 12:0 a.m.26 views

Security hole in MatrikzGB

Security hole in MatrikzGB Guestbook 15/8/2003 Vulnerable Versions: Version 2.0 and prior Version 3 not tested Summary: MatrikzGB was written by Thomas Hempel for www.onsite.org. A bug in index.php allows a user with a regular user account to give administrator rights to himself. Details: The bug...

1.7AI score
Exploits0
Rows per page
Query Builder