Lucene search

923 matches found

OSV
added 2025/08/11 1:53 p.m. | 2 views

BIT-LIBPHP-2020-7064 Use-of-uninitialized-value in exif

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with the exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

CVSS 6.5 | AI score 6.7 | EPSS 0.04295
Exploits 1 | References 11

Tenable Nessus
added 2025/08/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-22113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.33 and prior...

CVSS 2.7 | AI score 5.9 | EPSS 0.00809
Exploits 0 | References 2

CNVD
added 2025/07/25 12:0 a.m. | 1 view

Simopro Technology WinMatrix3 SQL Injection Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from the application's lack of validation o...

CVSS 9.8 | AI score 8.1 | EPSS 0.0043
Exploits 0 | References 1

BDU FSTEC
added 2025/07/21 12:0 a.m. | 7 views

The vulnerability of the Platform Security component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain access to read, modify, and delete data.

The vulnerability of the Platform Security component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete privileges on data...

CVSS 6.4 | AI score 7.2 | EPSS 0.0022
Exploits 0 | References 2 | Affected Software 1

OSV
added 2025/07/15 8:15 p.m. | 2 views

CVE-2025-30756

Vulnerability in Oracle REST Data Services component: General. The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks require human interaction from...

CVSS 6.1 | AI score 5.8 | EPSS 0.00126
Exploits 0 | References 1

OSV
added 2025/07/15 8:15 p.m. | 3 views

CVE-2025-30759

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Platform Security. Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...

CVSS 6.1 | AI score 7.1 | EPSS 0.0022
Exploits 0 | References 1

OSV
added 2025/07/15 8:15 p.m. | 3 views

CVE-2025-30760

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVSS 5.4 | AI score 7.1 | EPSS 0.0021
Exploits 0 | References 1

OSV
added 2025/07/15 8:15 p.m. | 5 views

CVE-2025-30747

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 4.3 | AI score 7.1 | EPSS 0.00263
Exploits 0 | References 1

OSV
added 2025/07/11 3:15 p.m. | 2 views

CVE-2025-52950

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and...

CVSS 6.4 | AI score 5.8 | EPSS 0.00373
Exploits 0 | References 1

BDU FSTEC
added 2025/07/11 12:0 a.m. | 4 views

The vulnerability of the Jenkins automation server’s Git Parameter plugin lies in insufficient validation of input data, allowing attackers to gain read and modify access to these data.

The vulnerability of the Jenkins automation server’s Git Parameter plugin is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain read and modify access to data...

CVSS 8.5 | AI score 5.8 | EPSS 0.00618
Exploits 1 | References 2 | Affected Software 1

OSV
added 2025/06/23 3:15 p.m. | 4 views

CVE-2025-46101

SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in jsonscorm.php file...

CVSS 9.8 | AI score 5.9 | EPSS 0.00601
Exploits 2 | References 1

BDU FSTEC
added 2025/06/15 12:0 a.m. | 3 views

The vulnerability in the web-based software modeling tool, Visual Composer, of the SAP NetWeaver software integration platform allows a hacker to gain access to and modify data.

The vulnerability of the Visual Composer web tool, a software modeling tool within the SAP NetWeaver integration platform, is related to an incorrect restriction on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read and modify access to...

CVSS 7.6 | AI score 5.5 | EPSS 0.00594
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2025/06/13 12:0 a.m. | 5 views

The vulnerability of the File Upload plugin in the WordPress content management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the File Upload plugin in the WordPress content management system is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...

CVSS 10 | AI score 8 | EPSS 0.92319
Exploits 4 | References 3 | Affected Software 1

OSV
added 2025/06/04 5:15 a.m. | 8 views

CVE-2025-20996

Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability...

CVSS 5 | AI score 5.8 | EPSS 0.00113
Exploits 0 | References 1

CNNVD
added 2025/06/04 12:0 a.m. | 11 views

Samsung Smart Switch Security Vulnerability

SAMSUNG Smart Switch is a data migration tool from Samsung South Korea. A security vulnerability exists in Samsung Smart Switch versions prior to 3.7.64.10, which stems from improper authorization and could allow a local attacker to read data with Smart Switch privileges...

CVSS 5 | AI score 6.2 | EPSS 0.00113
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 9:10 a.m. | 4 views

CVE-2024-21155

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: User Interface. The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...

CVSS 4.7 | AI score 5.8 | EPSS 0.00384
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:53 a.m. | 5 views

CVE-2023-22093

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite component: Requisition and Vacancy. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment...

CVSS 6.5 | AI score 5.7 | EPSS 0.0036
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:39 a.m. | 3 views

CVE-2023-26457

SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data...

CVSS 6.1 | AI score 5.8 | EPSS 0.00418
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:20 a.m. | 2 views

CVE-2023-21885

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 3.8 | AI score 5 | EPSS 0.0033
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 5:20 a.m. | 5 views

CVE-2023-21997

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User...

CVSS 4.3 | AI score 4.9 | EPSS 0.00481
Exploits 0 | References 1