Ragic
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15016 | 0.00 | — | 0.00 | Dec 22, 2025 | Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user. | ||
| CVE-2025-15015 | 0.00 | — | 0.00 | Dec 22, 2025 | Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | ||
| CVE-2024-9985 | 0.00 | — | 0.01 | Oct 15, 2024 | Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||
| CVE-2024-9984 | 0.00 | — | 0.02 | Oct 15, 2024 | Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | ||
| CVE-2024-9983 | 0.00 | — | 0.01 | Oct 15, 2024 | Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | ||
| CVE-2023-41343 | 0.00 | — | 0.00 | Nov 3, 2023 | Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. |
- CVE-2025-15016Dec 22, 2025risk 0.00cvss —epss 0.00
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user.
- CVE-2025-15015Dec 22, 2025risk 0.00cvss —epss 0.00
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2024-9985Oct 15, 2024risk 0.00cvss —epss 0.01
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.
- CVE-2024-9984Oct 15, 2024risk 0.00cvss —epss 0.02
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie.
- CVE-2024-9983Oct 15, 2024risk 0.00cvss —epss 0.01
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
- CVE-2023-41343Nov 3, 2023risk 0.00cvss —epss 0.00
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.