1815 matches found

RedhatCVE
added 2025/05/22 8:14 a.m. · 6 views

CVE-2019-16067

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...

CVSS 7.5 · AI score 7.4 · EPSS 0.00785
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 2:9 a.m. · 10 views

CVE-2010-4594

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that...

CVSS 4.3 · AI score 6.8 · EPSS 0.00972
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/17 10:0 p.m. · 8 views

CVE-2025-30692

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.2.7-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal...

CVSS 6.5 · AI score 6.4 · EPSS 0.00478
Exploits: 0 · References: 1
Tenable Nessus
added 2025/04/17 12:0 a.m. · 37 views

Oracle E-Business Suite (April 2025 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected ar...

CVSS 9.8 · AI score 6.7 · EPSS 0.00729
Exploits: 0 · References: 18
OSV
added 2025/04/15 9:16 p.m. · 3 views

CVE-2025-30735

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Page and Field Configuration. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS 8.1 · AI score 5.8 · EPSS 0.00298
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:16 p.m. · 2 views

CVE-2025-30732

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:16 p.m. · 3 views

CVE-2025-30726

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...

CVSS 5.3 · AI score 7.1 · EPSS 0.00263
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:16 p.m. · 2 views

CVE-2025-30728

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks...

CVSS 7.5 · AI score 7.1 · EPSS 0.00337
Exploits: 0 · References: 1
NVD
added 2025/04/15 9:16 p.m. · 24 views

CVE-2025-30727

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...

CVSS 9.8 · EPSS 0.00471
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:16 p.m. · 3 views

CVE-2025-30717

Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite component: Service Diagnostics Scripts. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Teleservice...

CVSS 6.5 · AI score 5.8 · EPSS 0.00403
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:16 p.m. · 3 views

CVE-2025-30713

Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft component: Job Opening. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

CVSS 5.4 · AI score 5.8 · EPSS 0.0029
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:15 p.m. · 2 views

CVE-2025-30686

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications component: EMC. Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality...

CVSS 7.6 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2025/04/15 9:15 p.m. · 3 views

CVE-2025-21586

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVSS 5.4 · AI score 5.8 · EPSS 0.0029
Exploits: 0 · References: 1
ATTACKERKB
added 2025/04/15 9:15 p.m. · 1 views

CVE-2025-21573

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications component: Chatbot. Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with...

CVSS 6 · AI score 6.5 · EPSS 0.00343
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/04/15 9:15 p.m. · 0 views

CVE-2025-21573

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications component: Chatbot. Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with...

CVSS 6 · AI score 7.1
Exploits: 0 · References: 1
CNNVD
added 2025/04/15 12:0 a.m. · 3 views

Oracle Analytics Security Vulnerability

Oracle Analytics is an enterprise analytics solution from Oracle Corporation USA. A security vulnerability exists in Oracle BI Publisher version 7.6.0.0.0 and version 12.2.1.4.0 for Oracle Analytics, which originates from an attack by a low-privileged attacker with HTTP web access, and could resu...

CVSS 5.4 · AI score 6.8 · EPSS 0.00264
Exploits: 0 · References: 2
Positive Technologies
added 2025/04/15 12:0 a.m. · 2 views

PT-2025-16458 · Oracle · Oracle Bi Publisher

Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.6.0.0.0 through 12.2.1.4.0
Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher, resulting in unauthorized access to critical data or complete...

CVSS 7.8 · AI score 7.3 · EPSS 0.00349
Exploits: 0 · References: 7
Positive Technologies
added 2025/04/15 12:0 a.m. · 5 views

PT-2025-16426 · Oracle · Oracle E-Business Suite

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.14
Description: The issue allows a low-privileged attacker with network access via HTTP to compromise the Oracle iSupplier Portal, resulting in unauthorized access to critical data or...

CVSS 6.8 · AI score 7.2 · EPSS 0.00478
Exploits: 0 · References: 5
Positive Technologies
added 2025/04/15 12:0 a.m. · 5 views

PT-2025-16471 · Oracle · Jd Edwards Enterpriseone Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.9.2
Description: The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, resulting in unauthorized access to critical da...

CVSS 6.8 · AI score 7.5 · EPSS 0.00293
Exploits: 0 · References: 5
ATTACKERKB
added 2025/04/03 12:0 a.m. · 33 views

CVE-2025-31161

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...

CVSS 9.8 · AI score 7.8 · EPSS 0.99957
In wild · Exploits: 16 · References: 3