Filtered by vendor Ragic
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11675 | 1 Ragic | 1 Enterprise Cloud Database | 2025-10-20 | 7.2 High |
| Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2022-40739 | 1 Ragic | 1 Ragic | 2025-05-06 | 5.4 Medium |
| Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. | ||||
| CVE-2023-41343 | 1 Ragic | 1 Enterprise Cloud Database | 2024-11-21 | 5.4 Medium |
| Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | ||||
| CVE-2024-9983 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 7.5 High |
| Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | ||||
| CVE-2024-9984 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 9.8 Critical |
| Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | ||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 10 Critical |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||||
Page 1 of 1.