66 matches found
PT-2025-49028
Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A security issue exists in dayrui XunRuiCMS. The issue is related to cross site scripting, potentially allowing remote attacks. The manipulation of the dataname argument in the file...
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
The vulnerability of the Service Layer component of the SAP Business One resource management system allows a malicious actor to enhance their privileges and gain access to read, modify, and/or add data.
The vulnerability of the Service Layer component of the SAP Business One resource management system is related to improper session management. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and gain access to read, modify, and/or add data...
CVE-2025-2321
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this issue is some unknown functionality of the file /api/mjkj-chat/cgform-api/addData/. The manipulation of the argument chatUserID leads to business logic errors. The attack may be...
The vulnerability of the Tasks component in the Oracle Common Applications Calendar application of the Oracle E-Business Suite allows a perpetrator to gain access to modify, add, and delete data.
The vulnerability of the Tasks component in Oracle Common Applications Calendar, a part of the Oracle E-Business Suite, relates to deficiencies in the authorization process due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
CVE-2023-45387
In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools, a resource management system, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...
Car Rental Management System SQL注入漏洞
Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...
The vulnerability of the Icinga system for monitoring network resources’ accessibility lies in its lack of sufficient validation of input data. This allows attackers to add, modify, or delete information within the system.
The vulnerability of Icinga’s system for monitoring network resources exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to add, modify, or delete information remotely...
The vulnerability of the TCP/IP protocol implementation in the Stack Trace stack allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the TCP/IP protocol implementation in the Trace stack is related to integer overflows. Exploiting this vulnerability allows a remote attacker to gain access to modify, add, or delete data...
The vulnerability of the Worklist component of the Oracle Workflow system allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Worklist component of the Oracle Workflow system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information, or to modify, add, or delete data using the HTTP...
The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over that information.
The vulnerability of the Print Server component of the Oracle One-to-One Fulfillment application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add, or...
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software allows a perpetrator to gain unauthorized access to protected information or to have read, add, or delete privileges over the data.
The vulnerability of the Outcome-Result component of the Oracle Customer Interaction History software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add,...
The vulnerability of the Runtime Catalog component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a perpetrator to gain unauthorized access to protected information or to read, add, or delete data.
The vulnerability of the Runtime Catalog component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized acce...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a malicious actor to gain read, modify, add, or delete access to data, or to cause a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data, or cause a service failure using the HTTP...
The vulnerability of the access control function of the IoT network management software Field Network Director allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the access control function in the IoT network management software Field Network Director is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...
The vulnerability of the SWSE Server component of the Siebel UI Framework allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the SWSE Server component of the Siebel UI Framework is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information using the HTTP...
The vulnerability of the UI Servlet component of the Oracle Configurator allows a attacker to gain access to read, modify, add, or delete data.
The vulnerability of the UI Servlet component of the Oracle Configurator is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...