18 matches found
CVE-2026-34934
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...
PraisonAI SQL Injection Vulnerability
PraisonAI is a low-code multi-agent collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...
CVE-2026-4370
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...
CVE-2026-32306
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...
CVE-2026-32306
CVE-2026-32306 affects OneUptime prior to 10.0.23. The telemetry aggregation API interpolates user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName into ClickHouse queries via .append() with no allowlist, parameterized binding, or input validation. An authentica...
CVE-2026-22238
The CVE-2026-22238 issue affects BLUVOYIX and stems from improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker can send crafted HTTP requests to create a new admin user, potentially granting full access to customer data and compromising the platform by logging in ...
Oracle Siebel CRM Security Vulnerability
Oracle Siebel CRM is a set of customer relationship management solutions from Oracle. The solution includes modules for sales management, marketing management, customer service system, and call center. A security vulnerability exists in Oracle Siebel CRM version 23.3 and earlier versions,...
Oracle Business Intelligence Enterprise Edition Security Vulnerability
Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle. It visualizes and analyzes enterprise data to aid decision-making, reduce total cost of ownership, and increase ROI across the organization. A security vulnerability exists in Oracle Business...
Oracle WebLogic Server Security Vulnerability
Oracle WebLogic Server is an Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Oracle Applications Framework Security Vulnerability
Oracle Applications Framework is an MVC-based web development framework from Oracle Corporation. A security vulnerability exists in Oracle Applications Framework versions 12.2.6 through 12.2.11. An attacker could exploit this vulnerability to gain access to critical data or full access to all...
Oracle FLEXCUBE Universal Banking Input Validation Error Vulnerability
Oracle FLEXCUBE Universal Banking is a general purpose digital banking system from Oracle Corporation. An input validation error vulnerability exists in Oracle FLEXCUBE Universal Banking component: Infrastructure versions 12.3, 12.4, 14.0 through 14.3, and 14.5, which can be exploited by an...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Payabl...
CVE-2021-2277
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2021-2235
Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite component: Install and Upgrade. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2020-2739
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Advanced UI. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites...
CVE-2018-2793
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: PsAdmin. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft...
CVE-2017-3324
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with...
PT-2011-2550 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 and SP3; Microsoft Windows Server 2003 version SP2; Microsoft Windows Vista versions SP1 and SP2; Microsoft Windows Server 2008 versions Gold, SP2, R2, and R2 SP1; Microsoft Windows 7 versions Gold and SP1...