epa4all-client 数据伪造问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a data manipulation vulnerability. This vulnerability arises from the possibility for a man-in-the-middle attacker to replace the discovered documents...

WordPress plugin Five Star Restaurant Reservations 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

BSV Ruby SDK 数据伪造问题漏洞

BSV Ruby SDK is a Ruby development toolkit developed by Simon Bettison for BSV blockchain. Versions of the BSV Ruby SDK from 0.3.1 to 0.8.2 had a data manipulation vulnerability. This vulnerability stemmed from the lack of signature verification when storing certificate records, which could allow...

WWBN AVideo 数据伪造问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it serves as an open-source tool for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 contained a data manipulation...

Gogs（Go Git Service） 数据伪造问题漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2 of Gogs Go Git Service, there was a data manipulation...

MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

MiracleLinux 9 : mysql-8.0.36-1.el9_3.ML.1 (AXSA:2024-7606:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7606:01 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2023 CVE-2023-21911 mysql: Server: DDL unspecified vulnerability CPU Apr 2023 CVE-2023-21919,...

mysql: DML unspecified vulnerability (CPU Oct 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

Moderate: Red Hat Security Advisory: mysql:8.0 security update

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: DML unspecified vulnerability CPU Oct 2025 CVE-2025-53053 mysql: InnoDB unspecified vulnerability CPU Oct 2025 CVE-2025-53044...

Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: Timing side-channel in ECDSA signature computation CVE-2024-13176 mysql: mysqldump unspecified vulnerability CPU Apr 2025...

CVE-2020-2866

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2025-3942

CVE-2025-3942 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security on Windows, Linux, and QNX, due to Improper Output Neutralization for Logs that enables Input Data Manipulation. Affected versions are Niagara Framework before 4.14.2, before 4.15.1, and before 4.10.11; Niagar...

IDOR vulnerability allowing to update another user's annotations

Description IDOR vulnerability was discovered in wallabag. Proof of Concept 1. Login as a victim. 2. Create an entry and an annotation. In this case the annotation's ID is 3. 3. Login as an attacker. 4. Send the following request. request http PUT /annotations/3 HTTP/1.1 Host: localhost:8000...

PivotX 'Reset my password' Feature Data Manipulation Vulnerability

PivotX is prone to data manipulation vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pivotx:pivotx"; ifdescription...