Lucene search

1167 matches found

Vulnrichment
added 2025/08/29 3:28 a.m. | 2 views

CVE-2025-8861 Changing|TSA - Missing Authentication

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00488
Exploits: 0 | References: 2

CNNVD
added 2025/08/29 12:0 a.m. | 2 views

Changing TSA Access Control Error Vulnerability

Changing TSA is a timestamp server from Panorama Changing Corporation in Taiwan, China. Changing TSA suffers from an Access Control Error vulnerability that stems from a lack of authentication, which could allow an unauthenticated, remote attacker to read, modify, and delete database contents...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00488
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/21 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-22091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affect...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00365
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/21 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-21999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior t...

CVSS: 3.6 | AI score: 6.6 | EPSS: 0.00271
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/19 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-14797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261,...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.0217
Exploits: 0 | References: 2

Cvelist
added 2025/08/12 5:55 p.m. | 6 views

CVE-2025-49559 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a security feature bypass. An attacker could leverage this...

CVSS: 5.3 | EPSS: 0.00632
Exploits: 0 | References: 1

RedHat Linux
added 2025/08/11 9:25 p.m. | 5 views

openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0....

CVSS: 4.8 | AI score: 7.2 | EPSS: 0.00381
Exploits: 0 | References: 5

CNVD
added 2025/07/25 12:0 a.m. | 1 view

Simopro Technology WinMatrix3 SQL Injection Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from the application's lack of validation o...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.0043
Exploits: 0 | References: 1

CNNVD
added 2025/07/24 12:0 a.m. | 2 views

Medtronic MyCareLink Patient Monitor Security Vulnerability

Medtronic MyCareLink Patient Monitor is an open source monitoring system for remote patient monitoring from Medtronic in the United States. A security vulnerability exists in Medtronic MyCareLink Patient Monitor versions prior to 2025.6.25, which stems from the use of an unencrypted file system f...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.0018
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/21 12:0 a.m. | 4 views

The vulnerability of the Platform Security component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain access to read, modify, and delete data.

The vulnerability of the Platform Security component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete privileges on data...

CVSS: 6.4 | AI score: 7.2 | EPSS: 0.0022
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2025/07/17 4:21 p.m. | 4 views

openjdk: Improve scripting supports (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.00551
Exploits: 0 | References: 5

OSV
added 2025/07/15 8:15 p.m. | 2 views

CVE-2025-30756

Vulnerability in Oracle REST Data Services component: General. The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00126
Exploits: 0 | References: 1

OSV
added 2025/07/15 8:15 p.m. | 3 views

CVE-2025-30760

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVSS: 5.4 | AI score: 7.1 | EPSS: 0.0021
Exploits: 0 | References: 1

OSV
added 2025/07/15 8:15 p.m. | 2 views

CVE-2025-30759

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Platform Security. Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.0022
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/11 12:0 a.m. | 2 views

The vulnerability of the Jenkins automation server’s Git Parameter plugin lies in insufficient validation of input data, allowing attackers to gain read and modify access to these data.

The vulnerability of the Jenkins automation server’s Git Parameter plugin is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain read and modify access to data...

CVSS: 8.5 | AI score: 5.8 | EPSS: 0.00618
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/13 12:0 a.m. | 5 views

The vulnerability of the File Upload plugin in the WordPress content management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the File Upload plugin in the WordPress content management system is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...

CVSS: 10 | AI score: 8 | EPSS: 0.92319
Exploits: 4 | References: 3 | Affected Software: 1

PyPA
added 2025/06/10 4:15 p.m. | 5 views

PYSEC-2025-79

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00297
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/05/23 9:10 a.m. | 3 views

CVE-2024-21038

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00346
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:39 a.m. | 3 views

CVE-2023-26457

SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00418
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 5:20 a.m. | 3 views

CVE-2023-21921

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications component: Core. Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00408
Exploits: 0 | References: 1