97 matches found
CVE-2025-36220
Summary of CVE-2025-36220: IBM Cloud Pak for Data System, Cyclops component, versions 11.3.0.2 through Interim Fix 002, is vulnerable to SQL injection. The root cause is improper handling of SQL commands in the Cyclops backend, allowing a remote attacker to view, add, modify, or delete data in t...
EUVD-2023-33781
Malicious code in bioql PyPI...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain unauthorized access to read, update, add, and delete data.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system relates to access control errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, update, add, and delete data using the HTTP protocol...
The vulnerability of the Enterprise Learning Management component in the Oracle PeopleSoft Enterprise business application suite allows a malicious actor to gain access to data for modification, addition, and deletion.
The vulnerability of the Enterprise Learning Management component in the Oracle PeopleSoft Enterprise business application suite is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to data modification, addition, and...
The vulnerability of the Query component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain access to data modification, addition, and deletion operations.
The vulnerability of the Query component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in the authentication process due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to gain access to perform dat...
The vulnerability of the Site Hierarchy Flows component of the Oracle Site Hub data storage and management system, a part of the Oracle E-Business Suite, allows an attacker to access, modify, add, and delete data.
The vulnerability of the Site Hierarchy Flows component of the Oracle Site Hub data storage and management system, a part of the Oracle E-Business Suite automation system for enterprise activities, is related to authentication errors. Exploiting this vulnerability could allow an attacker to gain...
The vulnerability of the Analytics Web Answers component of the Oracle Business Intelligence Enterprise Edition software platform allows a hacker to gain access to modify or add data.
The vulnerability of the Analytics Web Answers component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access and modify or add data using the HTTP protocol...
The vulnerability of the Attribute Admin Setup component of the software application Attribute Admin Setup of the Oracle E-Business Suite allows a malicious individual to gain access to modify, add, or delete data.
The vulnerability of the Attribute Admin Setup component of the Attribute Admin Setup software and the Oracle E-Business Suite system exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or...
The vulnerability of the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, a system for automating business operations in Oracle E-Business Suite, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the Simphony POS component of the Oracle Hospitality Simphony sales management platform allows a perpetrator to gain access to modify, add, or delete data, or to trigger a service failure.
The vulnerability of the Simphony POS component of the Oracle Hospitality Simphony sales management platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data, or cause service interruptions...
The vulnerability of the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, a system for automating business operations in Oracle E-Business Suite, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a perpetrator to gain unauthorized access to protected information and to modify, add, or delete data.
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information and to modify, ad...
The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to modify, add, or delete data.
The vulnerability of the Security component of Oracle Java SE software, as well as of Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the...
The vulnerability of the web server in the firmware of the Delta Electronics DX-3021L9 router arises from insufficient validation of input data. This allows attackers to add, modify, or delete data.
The vulnerability of the web server in the firmware of the Delta Electronics DX-3021L9 router exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to add, modify, or delete data...
CVE-2023-4374
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...
Design/Logic Flaw
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...
CVE-2023-4374 WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...
CVE-2023-4374
CVE-2023-4374 – WP Remote Users Sync (WordPress) vulnerability affecting versions up to 1.2.11 due to a missing capability check in the refresh_logs_async function. This permits authenticated users with subscriber privileges or higher to view logs and potentially add data. Impact is information d...
WordPress Plugin Remote Users Sync Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-28959 · WordPress · Wp Remote Users Sync
Name of the Vulnerable Software and Affected Versions: WP Remote Users Sync plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows unauthorized access and addition of data due to a missing capability check on the refresh logs async function. This makes it possibl...