CVE-2023-4551
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...
CVE-2025-64265
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.2...
WordPress plugin Frontend File Manager security vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. A missing authorization vulnerability exists in WordPress Frontend File Manager Plugin, which can be exploited b...
PT-2025-46801
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.2...
EUVD-2025-30683
Malicious code in bioql PyPI...
EUVD-2024-19253
Malicious code in bioql PyPI...
WordPress Frontend File Manager plugin <= 23.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Hiro Code016Hiro in WordPress Plugin Frontend File Manager versions <= 23.3...
CVE-2025-57921
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.3...
CVE-2025-57921 WordPress Frontend File Manager plugin <= 23.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.3...
PT-2025-38772
Name of the Vulnerable Software and Affected Versions: N-Media Frontend File Manager versions through 23.2 Description: An authorization issue exists in N-Media Frontend File Manager due to incorrectly configured access control security levels. This allows for exploitation of the system...
WordPress plugin Frontend File Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2025-21557
Vulnerability in Oracle Application Express component: General. Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interacti...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-32264
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow uploading arbitrary code and executing it on the client's computer...
PT-2025-4278 · Oracle · Oracle Application Express
Name of the Vulnerable Software and Affected Versions: Oracle Application Express versions 23.2 through 24.1 Description: The issue is related to insufficient authorization procedure in the General component of Oracle Application Express. It allows a low-privileged attacker with network access vi...
Oracle Application Express security vulnerability
Oracle Application Express is a low-code development platform from Oracle Corporation USA. A security vulnerability exists in Oracle Application Express version 23.2 and version 24.1. An attacker could exploit the vulnerability to update, insert, or delete portions of Oracle Application Express...
CVE-2024-47876 Sakai: Kernel users created with type roleview can login as a normal user
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability...
CVE-2024-47876
Sakai Kernel vulnerability CVE-2024-47876: Kernel users created with the type roleview could log in as normal users, enabling unauthorized access. Affected in Sakai versions up to 23.2; fixed in 23.3. Root cause: improper access control allowing roleview kernel users to authenticate as non-privil...
PT-2024-7157 · Oracle · Oracle Application Express
Name of the Vulnerable Software and Affected Versions: Oracle Application Express versions 23.2 through 24.1 Description: The issue is related to insufficient input validation in the General component of Oracle Application Express. It allows a low-privileged attacker with network access via HTTP ...