
380 matches found

CNNVD
added 2025/05/02 12:0 a.m. · 3 views

Le-show Medical Practice Management System SQL injection vulnerability

Le-show Medical Practice Management System is an integrated management system for medical clinics by Le-show, a Chinese company. A SQL injection vulnerability exists in Le-show Medical Practice Management System V3.0.25 and prior versions, which stems from a SQL injection vulnerability that could...

CVSS 9.8 · AI score 7.8 · EPSS 0.00456
Exploits: 0 · References: 2

CNNVD
added 2025/04/24 12:0 a.m. · 3 views

WordPress plugin WPMasterToolKit (WPMTK) – All in one plugin path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exists ...

CVSS 7.2 · AI score 7.3 · EPSS 0.0086
Exploits: 0 · References: 2

RedHat Linux
added 2025/04/16 5:29 p.m. · 6 views

openjdk: Improve compiler transformations (Oracle CPU 2025-04)

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

CVSS 4.8 · AI score 7.4 · EPSS 0.00492
Exploits: 0 · References: 5

BDU FSTEC
added 2025/04/16 12:0 a.m. · 7 views

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional instrument for measuring parameters of electrical circuits, allows a hacker to gain access to read, modify, and delete data.

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement instruments for electrical networks lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain access to read, modify, and delet...

CVSS 7.5 · AI score 5.9 · EPSS 0.00366
Exploits: 0 · References: 2

OSV
added 2025/04/15 9:15 p.m. · 6 views

UBUNTU-CVE-2025-30698

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

CVSS 5.6 · AI score 6.7 · EPSS 0.00518
Exploits: 0 · References: 15

BDU FSTEC
added 2025/04/02 12:0 a.m. · 16 views

The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.

The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces (APIs). Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...

CVSS 6.8 · AI score 5.5 · EPSS 0.00519
Exploits: 1 · References: 5 · Affected Software: 1

BDU FSTEC
added 2025/02/18 12:0 a.m. · 5 views

The vulnerability of the WPLMS training management system, a content management system for WordPress websites, allows an attacker to gain access to read, modify, or delete data.

The vulnerability of the WPLMS training management system involves incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...

CVSS 10 · AI score 8.1 · EPSS 0.34094
Exploits: 2 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/02/04 11:43 p.m. · 2 views

CVE-2024-22059

A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS...

CVSS 8.8 · AI score 8.8 · EPSS 0.0107
Exploits: 0 · References: 1

Microsoft CVE
added 2025/01/29 8:0 a.m. · 3 views

ACPI: CPPC: Make rmw_lock a raw_spin_lock

...

CVSS 5.5 · AI score 7 · EPSS 0.00219
Exploits: 0

BDU FSTEC
added 2025/01/28 12:0 a.m. · 8 views

The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system’s microprogramming software allows a perpetrator to gain access to read, modify, and delete any files they desire.

The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system software relates to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability can allow an attacker to gain read, modify, and delete access to arbitrary fil...

CVSS 5.2 · AI score 5.6 · EPSS 0.00192
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2025/01/21 12:0 a.m. · 4 views

The vulnerability of the LibreOffice office software package arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to gain read, modify, or delete access to data.

The vulnerability of the LibreOffice office software package is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...

CVSS 3.3 · AI score 5.3 · EPSS 0.00294
Exploits: 0 · References: 9 · Affected Software: 4

CNNVD
added 2025/01/20 12:0 a.m. · 4 views

aEnrich a+HRD SQL injection vulnerability

aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...

CVSS 9.8 · AI score 8.2 · EPSS 0.00712
Exploits: 0 · References: 3

CNNVD
added 2025/01/13 12:0 a.m. · 4 views

SAP NetWeaver AS code issue vulnerability

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS, which stems from susceptibility to a stored cross-site scripting attack that allows an...

CVSS 4.8 · AI score 5.9 · EPSS 0.0023
Exploits: 0 · References: 3

Positive Technologies
added 2024/12/25 12:0 a.m. · 5 views

PT-2024-10266 · Oracle · JD Edwards EnterpriseOne Tools

Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0
Description: The issue is related to a vulnerability in the Web Runtime SEC component of JD Edwards EnterpriseOne Tools, which can be easily exploited. This vulnerability allows an...

CVSS 5.5 · AI score 7.7 · EPSS 0.00187
Exploits: 0 · References: 5

BDU FSTEC
added 2024/12/17 12:0 a.m. · 5 views

The vulnerability of the CLI command-line interface of the GitHub collaborative development platform involves an incorrect restriction on the path name to the restricted directory. This allows a malicious user to gain read, modify, or delete access to files.

The vulnerability of the CLI command-line interface of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...

CVSS 3.7 · AI score 5.5 · EPSS 0.00633
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2024/12/10 12:0 a.m. · 4 views

SAP Adobe Document Service code issue vulnerability

Adobe Document Service is a service provided by Adobe for processing documents, supporting PDF creation, editing and other functions. A code issue exists in Adobe Document Service that originates from a vulnerability that allows an attacker with administrator privileges to send a specially crafte...

CVSS 9.1 · AI score 9.1 · EPSS 0.00874
Exploits: 0 · References: 2

OSV
added 2024/11/22 4:15 p.m. · 4 views

CVE-2024-38646

An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerabilit...

CVSS 6 · AI score 5.8 · EPSS 0.00177
Exploits: 0 · References: 1

BDU FSTEC
added 2024/11/19 12:0 a.m. · 4 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain read, modify, or delete access to data.

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data by sendin...

CVSS 7.5 · AI score 5.5 · EPSS 0.00545
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/11/11 12:0 a.m. · 3 views

PT-2024-8875 · SAP · SAP NetWeaver AS Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java affected versions not specified
Description: The issue is related to a missing authorization check in SAP NetWeaver AS Java, specifically in the System Landscape Directory. This allows an unauthorized user to read and...

CVSS 6.5 · AI score 6.7 · EPSS 0.0026
Exploits: 0 · References: 10

CNNVD
added 2024/11/09 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from the presence of an rmwlock type issue...

CVSS 5.5 · AI score 6.6 · EPSS 0.00219
Exploits: 0 · References: 5