484 matches found
CLSA-2025-1752655009 java-1.8.0-openjdk: Fix of 7 CVEs
CVE-2024-20952: remote data access or modification in sandboxed clients - CVE-2024-20932: modify or access sensitive data in sandboxed client environments - CVE-2024-20918: remote data access or modification in sandboxed clients - CVE-2024-20926: remote data access in sandboxed clients -...
CVE-2025-30762
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle...
The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data remotely...
The vulnerability of the Traffic Service service (traffic_stat/traffic_service/traffic_service.c) in the network device software developed by ASR Microelectronics, including models ASR1803L, ASR1806, ASR1901, and ASR1903L, allows a malicious actor to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Traffic Service service trafficstat/trafficservice/trafficservice.c of the network card microprogramming software from ASR Microelectronics, models ASR1803L, ASR1806, ASR1901, and ASR1903L, is related to improper cleaning or release of resources. Exploiting this...
The vulnerability of the microprogramming software of the Elfatek Elektronik ANKA JPD 00028 series radio control system, related to improper access control, allows a intruder to gain unauthorized access and compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the microprogramming software of the Elfatek Elektronik ANKA JPD 00028 series radio control system is related to improper access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access and compromise the...
The vulnerability of the NotificationEmailRendererClass class in the XWiki Platform allows a malicious user to gain access to read and modify data.
The vulnerability of the NotificationEmailRendererClass class in the XWiki Platform’s collaborative web application development platform involves shortcomings in access control when processing templates. Exploiting this vulnerability could allow a malicious actor to gain access to read and modify...
MAL-2025-191695 Malicious code in browser-history-analytics (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...
CVE-2024-24320
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data,...
CVE-2023-1256
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
CVE-2021-2211
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP ...
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors...
CVE-2011-4867
The Tencent QQPhoto com.tencent.qqphoto application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application...
CVE-2011-4865
The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...
CVE-2004-2298
Novell Internet Messaging System NIMS 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator...
CVE-2025-20968
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...
gvfs bug fix update
An update is available for gvfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GVFS is the GNOME Desktop Virtual File System layer that allows users to easily...
CVE-2025-20968
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery...
CVE-2025-31338
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...
CVE-2025-31338
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality...