Lucene search
+L

171 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-26254

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00705EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0971

Malicious code in bioql PyPI...

5.6CVSS7.4AI score0.00348EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-21536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and pri...

4.9CVSS6AI score0.00928EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/28 4:32 a.m.17 views

CVE-2025-54385

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions between 17.0.0-rc1 to 17.2.2 and versions 16.10.5 and below, it's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The...

9.8CVSS7.8AI score0.00577EPSS
Exploits0References1
NVD
NVD
added 2025/06/12 3:15 p.m.30 views

CVE-2024-56158

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...

9.8CVSS0.00431EPSS
Exploits0References3
CVE
CVE
added 2025/06/12 2:56 p.m.115 views

CVE-2024-56158

CVE-2024-56158 affects XWiki; SQL injection arises via Oracle DBMS_XMLGEN/DBMS_XMLQUERY usage where the query validator does not sanitize functions in a simple select and Hibernate allows native functions in HQL. Affected versions are XWiki prior to 16.10.2, 16.4.7, and 15.10.16; remediation is t...

9.8CVSS7.4AI score0.00431EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 12:2 p.m.10 views

CVE-2025-21558

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged...

5.4CVSS5.9AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.11 views

CVE-2025-21552

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards component: E1 IOT Orchestrator Security. Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD...

6.5CVSS6.3AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:47 a.m.9 views

CVE-2024-21178

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

6.1CVSS6.2AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:36 a.m.10 views

CVE-2024-20905

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Enterprise Infrastructure SEC. Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD...

2.7CVSS5.3AI score0.00521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.9 views

CVE-2024-45384

Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...

5.3CVSS5AI score0.00821EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:49 a.m.6 views

CVE-2024-20937

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Monitoring and Diagnostics SEC. Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD...

4.3CVSS5.3AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:20 a.m.7 views

CVE-2022-21601

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Connection Manager. Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network acce...

6.5CVSS6.2AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:42 p.m.4 views

CVE-2022-21532

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards component: E1 IOT Orchestrator. Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards...

4.3CVSS4.9AI score0.00602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:56 a.m.5 views

CVE-2019-20809

The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...

7.5CVSS6.6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 11:36 p.m.9 views

CVE-2007-5554

Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE...

7.1CVSS6.7AI score0.02308EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/04/15 8:30 p.m.11 views

CVE-2025-21579

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS5.4AI score0.00642EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 3:56 p.m.11 views

CVE-2020-14855

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...

10CVSS7.4AI score0.0218EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:17 p.m.10 views

CVE-2020-2950

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Web General. Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker wi...

9.8CVSS7.3AI score0.71031EPSS
Exploits1
NVD
NVD
added 2025/01/21 9:15 p.m.27 views

CVE-2025-21517

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

4.3CVSS0.0039EPSS
Exploits0References1
Rows per page
Query Builder