Skip to main content
Abstract art
Abstract art
Abstract art
Abstract art

For providers

22 Jul 2025
Riasztás

NA - CVE-2025-51479 - Authorization bypass in update_user_group in...

Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arbitrary user groups via crafted PATCH requests to the...
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-31511 - An issue was discovered in AlertEnterprise...

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call.
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-31512 - An issue was discovered in AlertEnterprise...

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call.
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-31513 - An issue was discovered in AlertEnterprise...

An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a Request%20Building%20Access requestSubmit API call.
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-51458 - SQL Injection in editor_sql_run and query_ex in...

SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or...
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-51472 - Code Injection in...

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template...
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-51475 - Arbitrary File Overwrite (AFO) in...

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames...
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-51462 - Stored Cross-site Scripting (XSS) vulnerability...

Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant...
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-7723 - A command injection vulnerability exists that...

A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build...
security-database.com
Read more
22 Jul 2025
Riasztás

NA - CVE-2025-7724 - An unauthenticated OS command injection...

An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP...
security-database.com
Read more
Language
Type