88 matches found
CVE-2026-56251
Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...
CVE-2026-42425
OpenKM 6.3.12 contains an unrestricted SQL-Execution vulnerability exploitable by authenticated administrators via the DatabaseQuery interface. Attackers can send crafted SQL in the qs parameter to /admin/DatabaseQuery to read sensitive data (e.g., usernames and password hashes from the OKM_USER ...
CLSA-2026-1776937700 mysql: Fix of CVE-2019-2627
CVE-2019-2627: fix crash when mysql.user table has missing password column...
EUVD-2026-18173
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...
CVE-2026-33613 MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...
CVE-2026-33613
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...
CVE-2026-33613
CVE-2026-33613 concerns MB Connect Line mbCONNECT24 with a remote code execution in the generateSrpArray function caused by improper neutralisation of special elements in an OS command. The vulnerability allows an attacker to achieve full system compromise, but only if there is another path to wr...
PT-2026-29710
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...
CVE-2020-10240
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses...
EUVD-2020-2695
Malware in sbrugna...
EUVD-2007-0375
Malware in sbrugna...
EUVD-2022-0665
Malicious code in bioql PyPI...
CVE-2025-42960
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries. It has no impact on the confidentialit...
PT-2025-28279 · Sap · Sap Business Warehouse +1
Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse and SAP BW/4HANA BEx Tools, affected versions not specified
Description: The issue allows an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could...
CVE-2022-23857
model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table which contains sensitive information such as the users...
CVE-2022-30765
Calibre-Web before 0.6.18 allows user table SQL Injection...
CVE-2020-15697
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users...
BIT-JOOMLA-2020-15697
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users...
CVE-2023-30465
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL...