
923 matches found

CNNVD
added 2025/03/11 12:0 a.m. · 3 views

SAP Business One Authorization Issue Vulnerability

SAP Business One is a suite of business management software from the German company SAP. The software includes functionality for financial management, operations management, and human resource management. SAP Business One suffers from an authorization issue vulnerability that stems from improper...

CVSS 6.8 · AI score 6.6 · EPSS 0.00276
Exploits 0 · References 5

OSV
added 2025/03/07 5:15 p.m. · 1 view

CVE-2024-53696

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center...

CVSS 4.9 · AI score 5.8 · EPSS 0.00411
Exploits 0 · References 1

BDU FSTEC
added 2025/02/26 12:0 a.m. · 5 views

The vulnerability of the setQuickCfgWifiAndLogin() function in the Tenda W18E router software allows a hacker to bypass security restrictions and gain access to read, modify, or delete data.

The vulnerability of the setQuickCfgWifiAndLogin function in the Tenda W18E router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions and gain access to read, modify, or delete data ...

CVSS 8.8 · AI score 5.5 · EPSS 0.00603
Exploits 1 · References 3

RedHat Linux
added 2025/02/19 10:31 a.m. · 0 views

mysql: mysqldump unspecified vulnerability (CPU Oct 2024)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 3.8 · AI score 5.7 · EPSS 0.00624
Exploits 0 · References 5

BDU FSTEC
added 2025/02/19 12:0 a.m. · 8 views

The vulnerability of the Mobile Security Framework (MobSF) for mobile application security research lies in an incorrect pathname limitation, which allows a malicious actor to gain unauthorized access for reading, deleting protected information, and executing arbitrary code.

The vulnerability of the Mobile Security Framework (MobSF) for mobile application security research is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to read, delete protected information...

CVSS 9.6 · AI score 5.9
Exploits 0 · Affected Software 1

Positive Technologies
added 2025/02/18 12:0 a.m. · 5 views

PT-2025-6858 · Citrix · Citrix Secure Access Client For Mac

Name of the Vulnerable Software and Affected Versions: Citrix Secure Access Client for Mac (affected versions not specified). Description: The issue allows an attacker to gain application privileges, enabling them to perform limited modifications and read arbitrary data. Recommendations: At the...

CVSS 6.4 · AI score 7.1 · EPSS 0.00151
Exploits 0 · References 6

OSV
added 2025/02/17 5:15 a.m. · 4 views

CVE-2025-1389

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 · AI score 6 · EPSS 0.00466
Exploits 0 · References 2

CNNVD
added 2025/02/14 12:0 a.m. · 4 views

eLabFTW SQL Injection Vulnerability

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux and supports storing a wide range of objects. A SQL injection vulnerability exists in eLabFTW versions prior to 5.1.15. The vulnerability stems from the presence of an input validatio...

CVSS 8.8 · AI score 7.2 · EPSS 0.00448
Exploits 0 · References 4

BDU FSTEC
added 2025/02/11 12:0 a.m. · 4 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read data or modify data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain read access to data or modify data using network packets...

CVSS 4.2 · AI score 7.7 · EPSS 0.00237
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2025/02/10 12:0 a.m. · 7 views

The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) allows a perpetrator to gain access to read, modify, or delete data, or to cause service failures.

The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data, or to cau...

CVSS 8 · AI score 7.5 · EPSS 0.00219
Exploits 0 · References 2

BDU FSTEC
added 2025/02/10 12:0 a.m. · 3 views

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows an attacker to gain read access to data or modify data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read access to data or modify data through HTTP...

CVSS 5.5 · AI score 7.7 · EPSS 0.00253
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2025/02/10 12:0 a.m. · 6 views

Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, allowing attackers to gain read access to data, modify data, or obtain privileged access.

The vulnerability of the Server component, specifically Security: Privileges of the Oracle MySQL Server database management system, relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data, modify...

CVSS 5.5 · AI score 6.8 · EPSS 0.00556
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2025/01/27 12:0 a.m. · 5 views

The vulnerability of the IBM Sterling Secure Proxy proxy server arises from the improper assignment of permissions for the critical resource. This allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the IBM Sterling Secure Proxy proxy server is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data...

CVSS 9.4 · AI score 5.5 · EPSS 0.00465
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/01/22 12:0 a.m. · 5 views

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or...

CVSS 7.8 · AI score 7.5 · EPSS 0.00445
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/01/21 9:15 p.m. · 2 views

CVE-2025-21554

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

CVSS 5.3 · AI score 7.3 · EPSS 0.0037
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 6 views

CVE-2025-21550

Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications component: Web UI. Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network acce...

CVSS 6.1 · AI score 7.3 · EPSS 0.00158
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 2 views

CVE-2025-21542

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...

CVSS 6.3 · AI score 7.3 · EPSS 0.00185
Exploits 0 · References 1

OSV
added 2025/01/21 9:15 p.m. · 4 views

CVE-2025-21507

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 5.4 · AI score 7.3 · EPSS 0.00187
Exploits 0 · References 1

CNNVD
added 2025/01/21 12:0 a.m. · 10 views

Oracle Construction and Engineering Suite Security Vulnerability

Oracle Construction and Engineering Suite is a portfolio management solution suite product for construction projects from Oracle Corporation USA. A security vulnerability exists in Oracle Construction and Engineering Suite. An attacker could exploit the vulnerability to update, insert, or delete...

CVSS 5.4 · AI score 8.6 · EPSS 0.00187
Exploits 0 · References 2

OSV
added 2025/01/20 3:15 a.m. · 3 views

CVE-2025-0585

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 · AI score 6.1 · EPSS 0.00712
Exploits 0 · References 2