161 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-21305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are...
Data Brokers Are Hiding Their Opt-Out Pages From Google Search
Dozens of companies are hiding how you can delete your personal data, The Markup and CalMatters found...
PT-2025-32386 · Mitel · Micollab +1
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2 9.8.2.12 Description: A vulnerability exists in the NuPoint Unified Messaging NPM component that could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input...
CVE-2025-52913
The CVE-2025-52913 affects Mitel MiCollab’s NuPoint Unified Messaging (NPM) component up to version 9.8 SP2 (9.8.2.12). The root cause is insufficient input validation, enabling an unauthenticated attacker to perform a path traversal attack. Exploitation could grant unauthorized access to view, c...
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...
FreeScout 安全漏洞
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by incorrect configuration of the root folder of the object Storage. An attacker could exploit the...
CVE-2021-2066
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...
Splunk 访问控制错误漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk suffers from an Access Control Error...
CVE-2025-1389
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...
Oracle Construction and Engineering Suite 安全漏洞
Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation USA. A security vulnerability exists in Oracle Construction and Engineering Suite. An attacker could exploit the vulnerability to update, insert, or delete...
CVE-2025-0585
The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-10476
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information PHI and personally identifiable information PII. Exploitation of this...
IBM Concert 安全漏洞
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. A...
Grand Vice info Webopac SQL注入漏洞
Grand Vice info Webopac is an online public access catalog from China Xinxueying Info Grand Vice info. It is used for users to use library services through the Internet. A SQL injection vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, whic...
CVE-2024-10615
A vulnerability was found in Tongda OA 2017 up to 11.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file /general/approvecenter/query/list/inputform/deletedataattach.php. The manipulation of the argument RUNID leads to sql injection. The attack may ...
TONGDA Office Anywhere SQL注入漏洞
TONGDA Office Anywhere is a collaborative office OA system from China Tongda TONGDA. TONGDA Office Anywhere suffers from a SQL injection vulnerability, which originates from a SQL injection vulnerability in the RUNID parameter of the /general/approvecenter/query/list/inputform/deletedataattach.ph...
SAP for Oil & Gas 安全漏洞
SAP for Oil & Gas is an enterprise resource planning ERP solution from SAP, Germany. A security vulnerability exists in SAP for Oil & Gas, which stems from a lack of authorization checking that allows authenticated, non-administrative users to invoke a remote function that would allow them to...
CVE-2024-8327
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2024-37434 · WordPress · Booking Ultra Pro Appointments Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress versions up to, and including, 1.1.13 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify and delete multiple...