VulnCheck KEV: CVE-2026-21962

Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...

PT-2026-7218

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high...

PT-2026-7200

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

CVE-2025-15476

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-15476

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

EUVD-2025-206893

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlisterdoadminajax function in all versions up to, and including, 0.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2020-37147 ATutor 2.2.4 - 'id' SQL Injection

ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...

CVE-2019-25300

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13379

IBM Aspera Console is affected: versions 3.4.0–3.4.8 are vulnerable to SQL injection (CWE-89). A remote attacker could craft SQL statements to view, add, modify, or delete data in the back-end database. The issue has been addressed in IBM Aspera Console 3.4.8 FP1; upgrading to this fix version is...

PT-2026-6624

Name of the Vulnerable Software and Affected Versions Tanium Discover affected versions not specified Description Tanium Discover was found to have an incorrect default permissions setting. This could potentially allow unauthorized access or modification of data. Recommendations At the moment,...

CVE-2025-15285

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication and checkCategoryAuthentication functions in all versions up to, and including, 2.2.1. These authorization functions only implement...

PT-2026-6011

Name of the Vulnerable Software and Affected Versions WebPurify Profanity Filter versions up to and including 4.0.2 Description The WebPurify Profanity Filter plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check on the webpurify...

Oracle Enterprise Manager Cloud Control (January 2026 CPU)

The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent...

PT-2026-5885

Name of the Vulnerable Software and Affected Versions SEO Flow versions prior to 2.2.2 Description The SEO Flow plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check within the checkBlogAuthentication and checkCategoryAuthentication functions...

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

ZSPACE Q2C NAS 安全漏洞

ZSPACE Q2C NAS is a private cloud device developed by ZSPACE Corporation. There is a security vulnerability in the ZSPACE Q2C NAS, which stems from incorrect symbol link tracking. This vulnerability could allow attackers to access all files within the NAS system and alter them...

CVE_choco_2

DESCRIPTION - During the security assessment of "STUDENT WEB...