Lucene search
K

484 matches found

OSV
OSV
added 2025/07/16 8:36 a.m.12 views

CLSA-2025-1752655009 java-1.8.0-openjdk: Fix of 7 CVEs

CVE-2024-20952: remote data access or modification in sandboxed clients - CVE-2024-20932: modify or access sensitive data in sandboxed client environments - CVE-2024-20918: remote data access or modification in sandboxed clients - CVE-2024-20926: remote data access in sandboxed clients -...

7.5CVSS5.8AI score0.01026EPSS
Exploits0References1
OSV
OSV
added 2025/07/15 8:15 p.m.2 views

CVE-2025-30762

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...

7.5CVSS5.8AI score0.00375EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/07 12:0 a.m.10 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data remotely...

7.4CVSS7.1AI score0.00359EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/07/03 12:0 a.m.8 views

The vulnerability of the Traffic Service service (traffic_stat/traffic_service/traffic_service.c) in the network device software developed by ASR Microelectronics, including models ASR1803L, ASR1806, ASR1901, and ASR1903L, allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Traffic Service service trafficstat/trafficservice/trafficservice.c of the network card microprogramming software from ASR Microelectronics, models ASR1803L, ASR1806, ASR1901, and ASR1903L, is related to improper cleaning or release of resources. Exploiting this...

5.5CVSS5.5AI score0.00234EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.12 views

The vulnerability of the microprogramming software of the Elfatek Elektronik ANKA JPD 00028 series radio control system, related to improper access control, allows a intruder to gain unauthorized access and compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the microprogramming software of the Elfatek Elektronik ANKA JPD 00028 series radio control system is related to improper access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access and compromise the...

6.9CVSS5.5AI score0.00148EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/06/17 12:0 a.m.7 views

The vulnerability of the NotificationEmailRendererClass class in the XWiki Platform allows a malicious user to gain access to read and modify data.

The vulnerability of the NotificationEmailRendererClass class in the XWiki Platform’s collaborative web application development platform involves shortcomings in access control when processing templates. Exploiting this vulnerability could allow a malicious actor to gain access to read and modify...

4.1CVSS5.4AI score0.00228EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/06/15 8:28 p.m.12 views

MAL-2025-191695 Malicious code in browser-history-analytics (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

6.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.5 views

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

8.8CVSS7.6AI score0.04019EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:0 a.m.6 views

CVE-2023-28843

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,...

9.8CVSS8AI score0.01173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.7 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

9.8CVSS7.1AI score0.00678EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:2 p.m.4 views

CVE-2021-2211

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP ...

5.9CVSS6AI score0.02408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 a.m.8 views

CVE-2014-5250

Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors...

7.5CVSS7.1AI score0.02357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:21 a.m.12 views

CVE-2011-4867

The Tencent QQPhoto com.tencent.qqphoto application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application...

5.8CVSS6.9AI score0.01054EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:39 a.m.11 views

CVE-2011-4865

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

5.8CVSS6.9AI score0.01054EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:20 p.m.8 views

CVE-2004-2298

Novell Internet Messaging System NIMS 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator...

6.4CVSS7.2AI score0.01508EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/09 9:44 a.m.10 views

CVE-2025-20968

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...

7.2CVSS7.1AI score0.00267EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.11 views

gvfs bug fix update

An update is available for gvfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GVFS is the GNOME Desktop Virtual File System layer that allows users to easily...

7.1AI score
Exploits0
OSV
OSV
added 2025/05/07 9:15 a.m.6 views

CVE-2025-20968

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...

9.1CVSS5.8AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:28 p.m.8 views

CVE-2025-31338

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...

6.9CVSS6.8AI score0.00406EPSS
Exploits0References3
NVD
NVD
added 2025/04/17 3:15 a.m.26 views

CVE-2025-31338

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...

6.9CVSS0.00406EPSS
Exploits0References1
Rows per page
Query Builder