Skip to main content

Enterprise Cloud Database

6 CVEs product

Monthly

CVE-2026-15553 MEDIUM This Month

Unrestricted file upload in Ragic Enterprise Cloud Database exposes all versions to unauthenticated remote exploitation, allowing attackers to plant malicious files that are subsequently served to authenticated platform users for download. The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the application performs no meaningful validation of file type, content, or extension before persisting uploads. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the zero-authentication requirement and network-accessible attack vector make this a low-barrier, high-supply-chain-risk issue in environments where Ragic is used for file collaboration.

File Upload Enterprise Cloud Database
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-15552 MEDIUM This Month

Stored XSS in Ragic Enterprise Cloud Database permits unauthenticated remote attackers to inject persistent JavaScript into application data, which then executes in the browsers of any user who loads the affected page. Because the payload is stored server-side, a single injection event affects all subsequent visitors without further attacker interaction. No active exploitation is confirmed in CISA KEV and no public proof-of-concept code has been identified at time of analysis, but the CVSS 4.0 PR:N rating confirms no authentication is needed to plant the payload.

XSS Enterprise Cloud Database
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-9985 CRITICAL Act Now

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Enterprise Cloud Database
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9984 CRITICAL Act Now

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Cloud Database
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-9983 HIGH This Week

Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Cloud Database
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41343 MEDIUM This Month

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Cloud Database
NVD
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 6.9
MEDIUM This Month

Unrestricted file upload in Ragic Enterprise Cloud Database exposes all versions to unauthenticated remote exploitation, allowing attackers to plant malicious files that are subsequently served to authenticated platform users for download. The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the application performs no meaningful validation of file type, content, or extension before persisting uploads. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the zero-authentication requirement and network-accessible attack vector make this a low-barrier, high-supply-chain-risk issue in environments where Ragic is used for file collaboration.

File Upload Enterprise Cloud Database
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Stored XSS in Ragic Enterprise Cloud Database permits unauthenticated remote attackers to inject persistent JavaScript into application data, which then executes in the browsers of any user who loads the affected page. Because the payload is stored server-side, a single injection event affects all subsequent visitors without further attacker interaction. No active exploitation is confirmed in CISA KEV and no public proof-of-concept code has been identified at time of analysis, but the CVSS 4.0 PR:N rating confirms no authentication is needed to plant the payload.

XSS Enterprise Cloud Database
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Enterprise Cloud Database
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Cloud Database
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Cloud Database
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Cloud Database
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy