186 matches found
The vulnerability of Websoft HCM’s automation software for HR processes stems from insufficient validation of input data, allowing attackers to execute the displayed HTML code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to insufficient verification of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code by sending a specially crafted POST request...
Multi-Vendor BIOS Security Vulnerabilities (April 2025) - Lenovo Support US
No description provided...
Infinxt iEdge 100 安全漏洞
Infinxt iEdge 100 is a next-generation secure SD-WAN appliance for small and medium-sized branch offices from Infinxt. A security vulnerability exists in the Infinxt iEdge 100 version 2.1.32, which stems from improper validation of user input for the mtrIp parameter in the MTR function of the...
The vulnerability of the set_add_routing function in the internet.cgi script of the Wavlink AC3000 (WL-WN533A8) router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setaddrouting function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
WordPress plugin Easy Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to deficiencies in the validation of input data containing XSS attack indicators. This vulnerability allows attackers to execute cross-site scripting attacks.
The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to deficiencies in the validation of input data containing XSS attack indicators. Exploiting this vulnerability can allow a remote attacker to execute cross-site scripting attacks...
SuiteCRM SQL注入漏洞
SuiteCRM is an open source, enterprise-level customer relationship management CRM software. SuiteCRM suffers from a SQL injection vulnerability that is caused by insufficient validation of input values. An attacker can exploit the vulnerability to execute SQL commands, which in turn may be used t...
The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform, related to insufficient validation of input data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform relates to the failure to implement measures to neutralize specific elements. Exploiting this vulnerability allows attackers to execute arbitrary commands...
The vulnerability of the Vendure corporate platform lies in improper cleaning of file paths and bypassing directories due to insufficient verification of input data. This allows attackers to disclose protected information or cause service failures.
The vulnerability of the Vendure corporate platform lies in improper cleaning of file paths and bypassing directories due to insufficient verification of input data. Exploitation of this vulnerability can allow a malicious actor to disclose protected information or cause service failures...
The vulnerability of the UI and Visualization components of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the UI and Visualization component of the Oracle Hyperion BI+ service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
Vulnerability of the Server component: The Oracle MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the Oracle MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
CVE-2024-45920
A Stored Cross-Site Scripting XSS vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature...
Lenovo XClarity Controller (XCC) Vulnerabilities - Lenovo Support US
No description provided...
The vulnerability of the User Management component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a business automation system that allows attackers to gain unauthorized access to protected information.
The vulnerability of the User Management component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, and of the Oracle E-Business Suite system, which is used for automating business operations, is related to insufficient validation of input data...
The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
PT-2024-4886 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product, part of...
PT-2024-3115 · Microsoft · Ole Db Driver For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft OLE DB Driver for SQL Server affected versions not specified Description: The issue exists due to insufficient input validation in the Microsoft OLE DB Driver for SQL Server. This allows a remote attacker to execute arbitrary code...