Critical - CVE-2024-13147 - Improper Neutralization of Special Elements...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection.This issue affects B2B Login...
NA - CVE-2024-12799 - Insufficiently Protected Credentials...
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated...
NA - CVE-2025-1714 - Lack of Rate Limiting in Sign-up workflow in...
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server
NA - CVE-2023-38693 - Lucee Server (or simply Lucee) is a dynamic,...
Lucee Server (or simply Lucee) is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack....
NA - CVE-2025-21095 - Path traversal may lead to arbitrary file...
Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further...
NA - CVE-2025-22212 - A SQL injection vulnerability in the...
A SQL injection vulnerability in the ConvertForms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the...
NA - CVE-2025-23416 - Path traversal may lead to arbitrary file...
Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further...
NA - CVE-2025-24494 - Path traversal may allow remote code execution...
Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload'...
NA - CVE-2025-24521 - External XML entity injection allows arbitrary...
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate...
NA - CVE-2025-27411 - REDAXO is a PHP-based CMS. In Redaxo before...
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3.