132 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-20969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior...
Linux Distros Unpatched Vulnerability : CVE-2023-21882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily...
CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...
Linux Distros Unpatched Vulnerability : CVE-2022-21635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable...
PT-2025-31735 · WordPress · Ultimate Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Elementor versions up to and including 2.4.6 Description: The Ultimate Addons for Elementor plugin for WordPress contains a flaw that allows unauthorized data modification. A missing capability check within the save hfe...
CVE-2025-50060
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher...
Oracle Fusion Middleware 访问控制错误漏洞
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...
CVE-2025-4571
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
CVE-2024-1352
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtclimportlocation rtclimportcategory functions in all versions up to, and including, 3.0.4. This makes it...
CVE-2023-3956
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'eventsreceiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...
CVE-2023-51699
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
CVE-2021-34395
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...
CVE-2021-2093
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2021-2015
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks...
PT-2025-18358 · WordPress · Projectopia
Name of the Vulnerable Software and Affected Versions: The Projectopia – WordPress Project Management plugin for WordPress versions up to, and including, 5.1.16 Description: The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing...
CVE-2024-30152
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts...
Cross-Site Request Forgery (CSRF)
concrete5/concrete5 is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient sanitization and addresses not being properly sanitized in the output when a country is not specified. It allows an attacker with limited permissions to glean restricted information,...
The software client’s vulnerability for providing remote access with SonicWall NetExtender allows a intruder to gain access to modify data.
The vulnerability of the software client for remote access support provided by SonicWall NetExtender is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify data...
CVE-2025-26660
CVE-2025-26660 affects SAP Fiori applications using the posting library. During setup, security settings may be left at default or inadequately defined, enabling a low-privilege attacker to bypass access controls and potentially modify data. Confidentiality and availability are not indicated as i...
CVE-2024-7425
The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...