SAP Business One 授权问题漏洞

SAP Business One is a suite of business management software from the German company SAP. The software includes functionality for financial management, operations management, and human resource management. SAP Business One suffers from an authorization issue vulnerability that stems from improper...

CVE-2024-50405

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

The vulnerability of the setQuickCfgWifiAndLogin() function in the Tenda W18E router software allows a hacker to bypass security restrictions and gain access to read, modify, or delete data.

The vulnerability of the setQuickCfgWifiAndLogin function in the Tenda W18E router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions and gain access to read, modify, or delete data ...

mysql: mysqldump unspecified vulnerability (CPU Oct 2024)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVE-2025-1389

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read data or modify data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain read access to data or modify data using network packets...

Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, allowing attackers to gain read access to data, modify data, or obtain privileged access.

The vulnerability of the Server component, specifically Security: Privileges of the Oracle MySQL Server database management system, relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data, modify...

The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) allows a perpetrator to gain access to read, modify, or delete data, or to cause service failures.

The vulnerability of the checkaccess function in the system for launching and managing large language multimodal systems LoLLMS is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data, or to cau...

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a attacker to gain read access to data or modify data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read access to data or modify data through HTTP...

CVE-2024-28987

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data...

CVE-2024-22059

A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS...

The vulnerability of the AppleMobileFileIntegrity component in the MacOS operating system allows a perpetrator to gain access to read and modify data.

The vulnerability of the AppleMobileFileIntegrity component in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to read and modify data...

The vulnerability of the IBM Sterling Secure Proxy proxy server arises from the improper assignment of permissions for the critical resource. This allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the IBM Sterling Secure Proxy proxy server is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data...

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or...

CVE-2025-21542

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...

CVE-2025-21507

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVE-2025-0585

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in authentication procedures, which allow attackers to circumvent security restrictions and gain access to read, modify, or delete data.

The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain access to read, modify, or delete data...

SAP NetWeaver AS 代码问题漏洞

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS, which stems from susceptibility to a stored cross-site scripting attack that allows an...

The vulnerability of the Shopping Cart component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a software solution for automating business operations. It allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, as well as the Oracle E-Business Suite system for automating business operations, is related to deficiencies in the authentication process. Exploiti...