Lucene search
K

132 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-20969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior...

5.5CVSS5.8AI score0.00839EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-21882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily...

2.7CVSS5.9AI score0.00638EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 10:21 p.m.3 views

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

8.8CVSS7.2AI score0.00303EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-21635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable...

6.5CVSS5.9AI score0.01027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/02 12:0 a.m.6 views

PT-2025-31735 · WordPress · Ultimate Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Elementor versions up to and including 2.4.6 Description: The Ultimate Addons for Elementor plugin for WordPress contains a flaw that allows unauthorized data modification. A missing capability check within the save hfe...

4.3CVSS6.2AI score0.00227EPSS
Exploits0References8
OSV
OSV
added 2025/07/15 8:15 p.m.2 views

CVE-2025-50060

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.4 views

Oracle Fusion Middleware 访问控制错误漏洞

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

4CVSS7.1AI score0.00157EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.8 views

CVE-2025-4571

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...

5.4CVSS6.7AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.7 views

CVE-2024-1352

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtclimportlocation rtclimportcategory functions in all versions up to, and including, 3.0.4. This makes it...

6.5CVSS6.4AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.8 views

CVE-2023-3956

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'eventsreceiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...

9.8CVSS6.7AI score0.00758EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:18 a.m.5 views

CVE-2023-51699

Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...

6CVSS7.9AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 p.m.8 views

CVE-2021-34395

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...

4.6CVSS6.5AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.4 views

CVE-2021-2093

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

8.2CVSS6.5AI score0.01169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.6 views

CVE-2021-2015

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Worklist. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks...

8.2CVSS6.5AI score0.01169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.5 views

PT-2025-18358 · WordPress · Projectopia

Name of the Vulnerable Software and Affected Versions: The Projectopia – WordPress Project Management plugin for WordPress versions up to, and including, 5.1.16 Description: The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing...

8.1CVSS8.3AI score0.00361EPSS
Exploits0References12
OSV
OSV
added 2025/04/25 6:15 p.m.4 views

CVE-2024-30152

HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts...

9.8CVSS5.8AI score0.00184EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/15 3:55 a.m.7 views

Cross-Site Request Forgery (CSRF)

concrete5/concrete5 is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient sanitization and addresses not being properly sanitized in the output when a country is not specified. It allows an attacker with limited permissions to glean restricted information,...

6.5CVSS6.6AI score0.00161EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/15 12:0 a.m.7 views

The software client’s vulnerability for providing remote access with SonicWall NetExtender allows a intruder to gain access to modify data.

The vulnerability of the software client for remote access support provided by SonicWall NetExtender is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify data...

7.2CVSS7.1AI score0.00327EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/03/11 12:36 a.m.49 views

CVE-2025-26660

CVE-2025-26660 affects SAP Fiori applications using the posting library. During setup, security settings may be left at default or inadequately defined, enabling a low-privilege attacker to bypass access controls and potentially modify data. Confidentiality and availability are not indicated as i...

4.3CVSS7.4AI score0.00277EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/09 4:22 p.m.16 views

CVE-2024-7425

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

7.2CVSS7.1AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder