CVE-2025-15623

Same vendor

• CVE-2026-42100 — Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by se... (7.5 HIGH)
• CVE-2026-42099 — Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint (7.5 HIGH)
• CVE-2026-42097 — Sparx Pro Cloud Server requires authentication based on requested URL (8.8 HIGH)
• CVE-2026-42096 — Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database (8.8 HIGH)
• CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases (9.8 CRITICAL)

Same CWE

• CVE-2026-9307 — A sensitive information disclosure security issue exists within the affected CompactLogix controllers
• CVE-2026-52694 — Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions (7.5 HIGH)
• CVE-2026-49068 — Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions (7.5 HIGH)
• CVE-2026-49066 — Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions (7.5 HIGH)
• CVE-2026-49056 — Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions (7.5 HIGH)