6680 matches found
PT-2025-6821 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A time-based blind SQL Injection vulnerability exists in the EditEventTypes functionality, allowing an attacker to execute arbitrary SQL queries. The newCountName parameter is directly...
The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus (OSB) allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an...
Linux kernel bnxt driver code issue vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a code issue vulnerability that stems from the bnxt driver not properly recalculating network device characteristics after XDP is disabled, which...
CVE-2024-13513
CVE-2024-13513 affects the Oliver POS – a WooCommerce WordPress plugin, with Sensitive Information Exposure via the plugin’s logging functionality in versions up to 2.4.2.3. Unauthenticated attackers could extract sensitive data (e.g., clientToken) from logs, enabling changes to user account info...
MAL-2025-191803 Malicious code in network-utils-simple (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d During installation, there is an attempt to download and execute code. The package has no real functionality. --- Category: MALICIOUS - The campaign has clearl...
Malicious code in network-utils-simple (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1fd943d3243197ac153b2623548e62b4225a59f611cf13fe962bc3ced369a32d During installation, there is an attempt to download and execute code. The package has no real functionality. --- Category: MALICIOUS - The campaign has clearl...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2025-25198
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...
CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2024-11771
Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames...
CVE-2023-37482
CVE-2023-37482 affects Siemens SIMATIC web servers (e.g., SIMATIC S7-1200/1500 family). The vulnerability stems from login response timing not being normalized, enabling an unauthenticated remote attacker to perform user enumeration by distinguishing valid vs. invalid usernames via a side channel...
February 11, 2025—Hotpatch KB5052106 (OS Build 20348.3148)
February 11, 2025—Hotpatch KB5052106 OS Build 20348.3148 Improvements and fixes This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the...
CVE-2024-13643 Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification
The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backupoptions and resetoptions functions i...
Azure Linux 3.0 Security Update: kernel (CVE-2024-45009)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45009 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement addaddraccepte...
CVE-2025-1076
A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...
CVE-2025-0675
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure...