380 matches found
Le-show Medical Practice Management System SQL injection vulnerability
Le-show Medical Practice Management System is an integrated management system for medical clinics by Le-show, a Chinese company. A SQL injection vulnerability exists in Le-show Medical Practice Management System V3.0.25 and prior versions, which stems from a SQL injection vulnerability that could...
WordPress plugin WPMasterToolKit (WPMTK) – All in one plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exists ...
openjdk: Improve compiler transformations (Oracle CPU 2025-04)
Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...
The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional instrument for measuring parameters of electrical circuits, allows an attacker to gain access to read, modify, and delete data.
The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement instruments for electrical networks lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain access to read, modify, and delet...
UBUNTU-CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...
The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.
The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces (APIs). Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...
The vulnerability of the WPLMS training management system, a content management system for WordPress websites, allows an attacker to gain access to read, modify, or delete data.
The vulnerability of the WPLMS training management system involves incorrect restrictions on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
CVE-2024-22059
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS...
ACPI: CPPC: Make rmw_lock a raw_spin_lock
...
The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system's firmware allows an attacker to gain access to read, modify, and delete arbitrary files.
The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system software relates to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability can allow an attacker to gain read, modify, and delete access to arbitrary fil...
The vulnerability of the LibreOffice office software package arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to gain read, modify, or delete access to data.
The vulnerability of the LibreOffice office software package is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
aEnrich a+HRD SQL injection vulnerability
aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...
SAP NetWeaver AS code issue vulnerability
SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS, which stems from susceptibility to a stored cross-site scripting attack that allows an...
PT-2024-10266 · Oracle · JD Edwards EnterpriseOne Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to a vulnerability in the Web Runtime SEC component of JD Edwards EnterpriseOne Tools, which can be easily exploited. This vulnerability allows an...
The vulnerability of the command-line interface (CLI) of the GitHub collaborative development platform involves an incorrect restriction on the path name to the restricted directory. This allows a malicious user to gain read, modify, or delete access to files.
The vulnerability of the command-line interface (CLI) of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...
SAP Adobe Document Service code issue vulnerability
Adobe Document Service is a service provided by Adobe for processing documents, supporting PDF creation, editing and other functions. A code issue exists in Adobe Document Service that originates from a vulnerability that allows an attacker with administrator privileges to send a specially crafte...
CVE-2024-38646
An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerabilit...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to gain read, modify, or delete access to data.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data by sendin...
PT-2024-8875 · SAP · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java affected versions not specified Description: The issue is related to a missing authorization check in SAP NetWeaver AS Java, specifically in the System Landscape Directory. This allows an unauthorized user to read and...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of an rmwlock type issue...