Sparxsystems Pro_cloud_server
7 CVEs affecting Sparxsystems Pro_cloud_server. Latest disclosed: 2026-05-19. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-15625 | Critical | 9.8 | 2026-04-17 | Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. |
CVE-2026-42097 | High | 8.8 | 2026-05-19 | Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the bin… |
CVE-2026-42096 | High | 8.8 | 2026-05-19 | Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user… |
CVE-2026-42100 | High | 7.5 | 2026-05-19 | Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially cra… |
CVE-2026-42099 | High | 7.5 | 2026-05-19 | Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the ob… |
CVE-2025-15624 | High | 7.5 | 2026-04-17 | Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authe… |
CVE-2025-15623 | High | 7.5 | 2026-04-17 | Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability i… |