ragic 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥 and vendor risk cross-site scripting などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-15016 | Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user. | [email protected] | 9.3 | 0.45% | 2025-12-22 | 2026-03-05 |
| CVE-2025-15015 | Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | [email protected] | 8.7 | 0.52% | 2025-12-22 | 2026-03-05 |
| CVE-2024-9985 | Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | [email protected] | 10.0 | 0.62% | 2024-10-15 | 2024-10-16 |
| CVE-2024-9984 | Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | [email protected] | 9.8 | 0.55% | 2024-10-15 | 2024-10-16 |
| CVE-2024-9983 | Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | [email protected] | 7.5 | 0.74% | 2024-10-15 | 2024-10-16 |
| CVE-2023-41343 | Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | [email protected] | 5.4 | 0.34% | 2023-11-03 | 2024-11-21 |
| CVE-2022-40739 | Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack. | [email protected] | 5.4 | 0.43% | 2022-10-31 | 2024-11-21 |