CVE-2025-15624

Same vendor

• CVE-2026-42100 — Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by se... (7.5 HIGH)
• CVE-2026-42099 — Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint (7.5 HIGH)
• CVE-2026-42097 — Sparx Pro Cloud Server requires authentication based on requested URL (8.8 HIGH)
• CVE-2026-42096 — Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database (8.8 HIGH)
• CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases (9.8 CRITICAL)

Same CWE

• CVE-2024-45636 — IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user (4.1 MEDIUM)
• CVE-2026-36174 — GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console (4.6 MEDIUM)
• CVE-2018-25396 — Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administra... (7.5 HIGH)
• CVE-2021-47961 — A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influen... (8.1 HIGH)
• CVE-2025-15128 — A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2 (5.3 MEDIUM)