212 matches found
CVE-2025-24968
CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, add, or delete data...
CVE-2024-52330
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...
CVE-2025-0615
CVE-2025-0615 affects Qualifio’s Wheel of Fortune. The vulnerability is an input validation issue in the Wheel of Fortune component that allows an attacker to insert a '+' into an email address to access the application and win prizes multiple times. Concrete details across sources confirm the af...
The vulnerability of the Woocommerce Product Design plugin of the WordPress content management system arises from incorrect restrictions on the path to the restricted catalog. This allows attackers to gain access to read, modify, or delete data.
The vulnerability of the Woocommerce Product Design plugin in the WordPress content management system is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete data...
CVE-2024-44243
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system...
CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...
PT-2024-34176 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025 QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025 Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system...
MTN Group: Admin Dashboard Access Leads to Updating Merchant Info
The application had a hidden registration endpoint that allowed an unauthorized user to sign up for an admin portal. This granted the user access to the admin dashboard, where they could view, edit, and delete information for registered merchants, cashiers, stations, and supervisors...
CVE-2024-21265
Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite component: Site Hierarchy Flows. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful...
Oracle BI Publisher 安全漏洞
Oracle BI Publisher is a reporting solution from Oracle Corporation USA that makes it easier and faster to create, manage and deliver all reports and documents than traditional reporting tools. A security vulnerability exists in Oracle BI Publisher versions 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. An...
flatpak: Access to files outside sandbox for apps using persistent= (--persist)
A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...
PT-2024-32870 · WordPress · Boostify Header Footer Builder
Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.3 Description: The issue is related to unauthorized modification of data due to a missing capability check on the create bhf post function...
Sangoma cg6kwin2k.sys 安全漏洞
Sangoma cg6kwin2k.sys is a configuration program from Sangoma Canada. A security vulnerability exists in Sangoma cg6kwin2k.sys versions prior to 2.1.7.0, which stems from vulnerability to insufficient IOCTL access control, where by sending a specific IOCTL request, a user without administrator...
PT-2024-21879 · Planet · Planet Igs-4215-16T2S
Name of the Vulnerable Software and Affected Versions: Planet IGS-4215-16T2S version 1.305b210528 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that could allow a remote attacker to trick some authenticated users into performing actions in their session. This includes...
PT-2024-6681 · Mongodb · Mongodb Rust Driver
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions prior to 2.8.2 Description: The issue is related to incorrect handling of syntactically incorrect structures, which may result in the construction of unintended server commands. This could lead to unexpected...
WordPress Plugin Categorify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-21917
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a...
The vulnerability of the Outcome-Result sub-component of the Oracle Customer Interaction History component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History component within the Oracle E-Business Suite system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify...
OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modificati...