
923 matches found

Positive Technologies
added 2026/01/15 12:0 a.m. | 8 views

PT-2026-2988

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. The issue could allow an attacker to...

CVSS 9.9 | AI score 6.3 | EPSS 0.00406
Exploits: 0 | References: 13

RedhatCVE
added 2026/01/09 11:26 a.m. | 5 views

CVE-2021-2159

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Frameworks. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS...

CVSS 3.5 | AI score 4.6 | EPSS 0.00723
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:15 a.m. | 10 views

CVE-2019-2605

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware subcomponent: Web Catalog. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network...

CVSS 3.4 | AI score 5.1 | EPSS 0.01058
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:20 a.m. | 3 views

CVE-2021-2343

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Notification Mailer. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 4.3 | AI score 4.9 | EPSS 0.0086
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:51 a.m. | 5 views

CVE-2021-2218

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Health Center. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpris...

CVSS 8.3 | AI score 6.3 | EPSS 0.01293
Exploits: 0 | References: 1

CNNVD
added 2026/01/07 12:0 a.m. | 2 views

WordPress plugin aBlocks Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.4 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 4

Cvelist
added 2026/01/05 8:10 a.m. | 22 views

CVE-2025-15239 Quanta Computer|QOCA aim AI Medical Cloud Platform - SQL Injection

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 7.1 | EPSS 0.00272
Exploits: 0 | References: 2

CNNVD
added 2026/01/05 12:0 a.m. | 4 views

Quanta QOCA aim AI Medical Cloud Platform SQL Injection Vulnerability

Quanta QOCA aim AI Medical Cloud Platform is an artificial intelligence AI medical cloud computing integration platform from Quanta Taiwan, China that provides comprehensive AI model development tools covering the entire process from AI development to clinical applications. The Quanta QOCA aim AI...

CVSS 7.1 | AI score 7.8 | EPSS 0.00278
Exploits: 0 | References: 2

NVD
added 2026/01/02 3:16 p.m. | 3 views

CVE-2025-62857

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later...

CVSS 6.2 | EPSS 0.00183
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/02 2:51 p.m. | 3 views

CVE-2025-62857 QuMagie

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later...

CVSS 6.2 | AI score 5.4 | EPSS 0.00183
Exploits: 0 | References: 1

EUVD
added 2025/12/18 9:31 p.m. | 4 views

EUVD-2025-204333

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | AI score 6.5 | EPSS 0.00288
Exploits: 0 | References: 3

NVD
added 2025/12/18 8:15 p.m. | 6 views

CVE-2019-25229

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | EPSS 0.00288
Exploits: 0 | References: 2

OSV
added 2025/12/18 8:15 p.m. | 2 views

CVE-2019-25229

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.7 | AI score 5.9 | EPSS 0.00288
Exploits: 0 | References: 2

Cvelist
added 2025/12/18 7:53 p.m. | 19 views

CVE-2019-25229 Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | EPSS 0.00288
Exploits: 0 | References: 2

CVE
added 2025/12/18 7:53 p.m. | 12 views

CVE-2019-25229

CVE-2019-25229 concerns Kentico Xperience MVC Forms Unrestricted File Upload. Multiple connected sources describe an issue where authenticated users with only the 'Read data' permission can upload arbitrary file types through the MVC form file uploader components, by manipulating file names, enab...

CVSS 8.8 | AI score 6.6 | EPSS 0.00288
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/12/18 12:0 a.m. | 6 views

PT-2025-52295

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | AI score 7 | EPSS 0.00288
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/16 12:0 a.m. | 4 views

PT-2025-51347

Name of the Vulnerable Software and Affected Versions: YAOOK Operator. Affected versions not specified. Description: An incorrect configuration of replication security within the MariaDB component of the infra-operator in YAOOK Operator could allow an on-path attacker to read database contents, which...

CVSS 6.5 | AI score 6.3 | EPSS 0.00191
Exploits: 0 | References: 5

EUVD
added 2025/12/15 6:2 p.m. | 4 views

EUVD-2025-203403

EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. This flaw has been...

CVSS 7 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/10 2:32 a.m. | 6 views

CVE-2025-42876

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...

CVSS 7.1 | AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/09 2:14 a.m. | 3 views

CVE-2025-42876 Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger)

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...

CVSS 7.1 | AI score 6.1 | EPSS 0.00255
Exploits: 0 | References: 2