64 matches found
EUVD-2024-18989
Malicious code in bioql PyPI...
EUVD-2022-4918
Malicious code in bioql PyPI...
CVE-2025-59050
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...
PT-2025-38057
Name of the Vulnerable Software and Affected Versions: Greenshot versions 1.3.300 and earlier Description: Greenshot is a Windows screenshot utility. The software deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or...
Malicious code in in-process-engine (npm)
The package in-process-engine was found to contain malicious code...
MAL-2025-23101 Malicious code in in-process-engine (npm)
The package in-process-engine was found to contain malicious code...
UBUNTU-CVE-2025-38359
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix in_atomic handling in do_secure_storage_access Kernel user spaces accesses to not exported pages in atomic context incorrectly try to resolve the page fault. With debug options enabled call traces like this can be seen:...
The vulnerability of the Messages component of the Oracle Work in Process software solution for manufacturing processes allows a malicious individual to gain unauthorized access to read, modify, or delete data. This vulnerability exists in the Oracle E-Business Suite software.
The vulnerability of the Messages component in the Oracle Work in Process software for managing manufacturing processes is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read,...
CVE-2024-21276
Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite component: Messages. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work in Process. Successfu...
CVE-2024-21276
CVE-2024-21276 affects Oracle E-Business Suite, Oracle Work in Process (Messages) for versions 12.2.3–12.2.13. The vulnerability allows a low-privilege, unauthenticated attacker with network access via HTTP to cause unauthorized creation, deletion or modification of data, or other unauthorized ac...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in Oracle Work in Process versions 12.2....
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which originates from PAM password rotation during the sign-in...
Number withdrawn
DuckDB is an in-process SQL OLAP database management system from DuckDB Open Source. This CVE number has been withdrawn...
PT-2023-9541 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to a vulnerability in the Oracle Work in Process product, specifically in the Messages component. This vulnerability can be easily exploited by a...
CVE-2023-22734 Improper Input Newsletter subscription option validation in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This...
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
Fpicker - A Frida-based Fuzzing Suite Supporting Various Modes (Including AFL++ In-Process Fuzzing)
fpicker is a Frida-based fuzzing suite that offers a variety of fuzzing modes for in-process fuzzing, such as an AFL++ mode or a passive tracing mode. It should run on all platforms that are supported by Frida. Installation Instructions Building and Running Creating a Fuzzing Harness Modes and...
CVE-2021-2271
Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite component: Resource Exceptions. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Work ...