database server vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed b...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
9.8
CVSSv3
CVE-2023-47261
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.
Dokmee Enterprise Content Management 7.4.6
9.8
CVSSv3
CVE-2023-41790
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to the server configuration file and compromise of the database. This issue affects Pandora FMS: from 700 up to an...
Artica Pandora Fms
9.8
CVSSv3
CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the malicious user to exe...
Apache Derby 10.16.1.1
Apache Derby
9.8
CVSSv3
CVE-2023-38547
A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
Veeam One 12.0.1.2591
Veeam One 12.0.0.2498
Veeam One 11.0.0.1379
Veeam One 11.0.1.1880
9.8
CVSSv3
CVE-2023-41262
An issue exists in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer prior to 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the...
Plixer Scrutinizer
9.8
CVSSv3
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could a...
Sap Netweaver Application Server Abap Kernel 7.53
Sap Netweaver Application Server Abap Kernel 7.77
Sap Web Dispatcher 7.53
Sap Web Dispatcher 7.77
Sap Web Dispatcher 7.22ext
Sap Content Server 7.53
Sap Web Dispatcher 7.85
Sap Netweaver Application Server Abap Kernel 7.22
Sap Netweaver Application Server Abap Kernel 8.04
Sap Netweaver Application Server Abap 7.22ext
Sap Netweaver Application Server Abap Kernel 7.85
Sap Web Dispatcher 7.89
Sap Web Dispatcher 7.54
Sap Netweaver Application Server Abap Kernel 7.89
Sap Netweaver Application Server Abap Kernel 7.54
Sap Netweaver Application Server Abap Kernel 7.92
Sap Netweaver Application Server Abap Kernel 7.93
Sap Content Server 6.50
Sap Content Server 7.54
Sap Hana Database 2.0
Sap Host Agent 722
Sap Extended Application Services And Runtime 1.0
9.8
CVSSv3
CVE-2023-3264
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to...
Cyberpower Powerpanel Server
Dataprobe Iboot-pdu4a-c10 Firmware
Dataprobe Iboot-pdu4a-c20 Firmware
Dataprobe Iboot-pdu4a-n15 Firmware
Dataprobe Iboot-pdu4a-n20 Firmware
Dataprobe Iboot-pdu4-c20 Firmware
Dataprobe Iboot-pdu4-n20 Firmware
Dataprobe Iboot-pdu4sa-c10 Firmware
Dataprobe Iboot-pdu4sa-c20 Firmware
Dataprobe Iboot-pdu4sa-n15 Firmware
Dataprobe Iboot-pdu4sa-n20 Firmware
Dataprobe Iboot-pdu8a-2c10 Firmware
Dataprobe Iboot-pdu8a-2c20 Firmware
Dataprobe Iboot-pdu8a-2n15 Firmware
Dataprobe Iboot-pdu8a-2n20 Firmware
Dataprobe Iboot-pdu8a-c10 Firmware
Dataprobe Iboot-pdu8a-c20 Firmware
Dataprobe Iboot-pdu8a-n15 Firmware
Dataprobe Iboot-pdu8a-n20 Firmware
Dataprobe Iboot-pdu8sa-2n15 Firmware
Dataprobe Iboot-pdu8sa-c10 Firmware
Dataprobe Iboot-pdu8sa-n15 Firmware
9.8
CVSSv3
CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote malicious user to execute arbitrary SQL queries on the server database.
Siemens Ruggedcom Crossbow
9.8
CVSSv3
CVE-2023-37470
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core iss...
Metabase Metabase