238 matches found
CVE-2025-25614
CVE-2025-25614 affects Unifiedtransform version 2.0 and stems from an Incorrect Access Control flaw that enables privilege escalation, allowing teachers to update other teachers’ personal data. The advisory entries consistently describe this as a data-access control deficiency with high impact (C...
CVE-2025-25614
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers...
Unifiedtransform Access Control Error Vulnerability
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from an access control error that could lead to teachers updating other teachers' personal data...
CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' function in all versions up to, and including, 2.12.0. This makes it possible fo...
SUSE-SU-2025:0235-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 January 2025 CPU Security fixes: - CVE-2025-21502: Enhance array handling JDK-8330045, bsc1236278 Other changes: - JDK-8224624: Inefficiencies in CodeStrings::addcomment cause timeouts - JDK-822504...
CVE-2025-21527
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Design Tools SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2025-21489
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advance...
Oracle Java SE Security Vulnerability
Oracle Java SE is a product from Oracle Corporation USA for the development and deployment of Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition for Oracle Java...
Oracle Construction and Engineering Suite Security Vulnerability
Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation USA. A security vulnerability exists in Primavera P6 Enterprise Project Portfolio Management for Oracle Construction and Engineering Suite. An attacker coul...
CVE-2024-42188
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios...
CVE-2024-42188 HCL Connections is vulnerable to a broken access control vulnerability
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios...
CVE-2024-42188
CVE-2024-42188 affects HCL Connections and describes a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. Public technical details in connected documents include: affected product (HCL Connections) and the vulnerability class (broken acces...
CLSA-2024-1730920734 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to shenandoah-jdk8u432-b06 fixing the following CVEs: - CVE-2024-21208: unauthorized partial DoS vulnerability - CVE-2024-21210: unauthorized update, insert, or delete access to some of data - CVE-2024-21217: unauthorized partial DoS vulnerability - CVE-2024-21235: unauthorized update,...
[SECURITY] [DLA 3935-1] distro-info-data database update
Debian LTS Advisory DLA-3935-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera October 24, 2024 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.51+deb11u7 This is a routine update of the distro-info-data database for Debian LTS users. It adds...
Unspecified Vulnerability in Oracle MySQL Cluster (CNVD-2025-18083)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. A security vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to update, insert, or delete accessible data...
Unspecified Vulnerability in Oracle MySQL (CNVD-2025-18064)
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Connectors is one of the drivers for connecting applications that use MySQL. A security vulnerability exists in MySQL Connectors for Oracle MySQL, which can be exploited by an attacker to update,...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation USA. This database management system provides data management, distributed processing, and other functions. A security vulnerability exists in the Java VM of Oracle Database Server. An attacker exploiting th...
Oracle Database Server Security Vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Oracle Database Core for Oracle Database Server. An attacker coul...