CVE-2021-37664

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...

CVE-2025-21562

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Run Control Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2025-21553

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net t...

CVE-2025-21539

Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft component: eSettlements. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN...

CVE-2025-21538

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2025-21530

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Panel Processor. Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2025-21527

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Design Tools SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2025-21513

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

DEBIAN-CVE-2025-21502

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Orac...

CVE-2025-21489

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advance...

UBUNTU-CVE-2025-21546

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

Oracle Construction and Engineering Suite 安全漏洞

Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation USA. A security vulnerability exists in Primavera P6 Enterprise Project Portfolio Management for Oracle Construction and Engineering Suite. An attacker coul...

Oracle Financial Services Applications 安全漏洞

Oracle Financial Services Applications is a suite of financial services software from Oracle Corporation USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in Oracle Financial Services Behavior Detection Platform for Oracle Financial...

Oracle Java SE 安全漏洞

Oracle Java SE is an Oracle Corporation USA for the development and deployment of Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition for Oracle Java...

CVE-2025-0060

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged...

SAP BusinessObjects Business Intelligence Platform 代码注入漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...

The vulnerability of the Woocommerce Product Design plugin of the WordPress content management system arises from incorrect restrictions on the path to the restricted catalog. This allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Woocommerce Product Design plugin in the WordPress content management system is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete data...

The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain unauthorized access to read, add, modify, or delete data.

The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to read, add, modify, or delete...

The vulnerability of the Gogs software interface allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Gogs Git repository creation software interface is related to errors in handling symbolic links. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to read, modify, or delete data...

PT-2024-10263 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to the Web Runtime SEC component and can be easily exploited, allowing an unauthenticated attacker with network access via HTTP to compromise JD Edward...