Lucene search

1367 matches found

BDU FSTEC
added 2025/07/07 12:0 a.m. | 2 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data remotely...

CVSS 7.4 | AI score 7.1 | EPSS 0.01069
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/07/03 12:0 a.m. | 1 views

The vulnerability of the Traffic Service (traffic_stat/traffic_service/traffic_service.c) in the network device software developed by ASR Microelectronics, including models ASR1803L, ASR1806, ASR1901, and ASR1903L, allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Traffic Service (traffic_stat/traffic_service/traffic_service.c) in the network card firmware from ASR Microelectronics, models ASR1803L, ASR1806, ASR1901, and ASR1903L, is related to improper cleaning or release of resources. Exploiting this...

CVSS 5.5 | AI score 5.5 | EPSS 0.00286
Exploits: 0 | References: 2 | Affected Software: 4

BDU FSTEC
added 2025/07/02 12:0 a.m. | 2 views

The vulnerability of the firmware of the Elfatek Elektronik ANKA JPD 00028 series radio control system, related to improper access control, allows an intruder to gain unauthorized access and compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the firmware of the Elfatek Elektronik ANKA JPD 00028 series radio control system is related to improper access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access and compromise the...

CVSS 6.9 | AI score 5.5 | EPSS 0.00009
Exploits: 0 | References: 1

BDU FSTEC
added 2025/06/17 12:0 a.m. | 2 views

The vulnerability of the NotificationEmailRendererClass class in the XWiki Platform allows a malicious user to gain access to read and modify data.

The vulnerability of the NotificationEmailRendererClass class in XWiki Platform, a collaborative web application development platform, involves shortcomings in access control when processing templates. Exploiting this vulnerability could allow a malicious actor to gain access to read and modify...

CVSS 4.1 | AI score 5.4 | EPSS 0.00043
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/06/15 8:28 p.m. | 2 views

MAL-2025-191695 Malicious code in browser-history-analytics (PyPI)

Source: kam193 e1ac674eaa856956dea531487502bd21a51f5324bdfcaf788645bbbb41eb27f5 When starting the server with expected functionality with potentially sensitive content, the package silently sends the location external IP to a remote...

AI score 6.8
Exploits: 0 | References: 1

BDU FSTEC
added 2025/06/10 12:0 a.m. | 2 views

The vulnerability of the formSetIptv() function (/goform/SetIPTVCfg) in the Tenda AC9 router’s firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the formSetIptv() function (/goform/SetIPTVCfg) in the Tenda AC9 router’s firmware is related to the lack of measures taken to clean data at the control level when processing the list parameter. Exploiting this vulnerability can allow a remote attacker to...

CVSS 6.5 | AI score 6.7 | EPSS 0.063
Exploits: 1 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/06/05 12:0 a.m. | 1 views

The vulnerability of the getServerPayload method in the HPE StoreOnce VSA storage virtualized system allows an attacker to disclose protected information.

The vulnerability of the getServerPayload method in the HPE StoreOnce VSA storage virtualized environment is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information from ...

CVSS 6.8 | AI score 6.9 | EPSS 0.0085
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/06/05 12:0 a.m. | 1 views

The vulnerability of the AdmissionPolicy and AdmissionPolicyGroup settings of the Kubernetes cluster’s kubewarden-controller allows a malicious actor to gain unauthorized access to modify data or expose protected information.

The vulnerability of the AdmissionPolicy and AdmissionPolicyGroup settings in the Kubernetes cluster kubewarden-controller is related to improper authorization. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to modify data or expose sensitive...

CVSS 6.5 | AI score 7 | EPSS 0.00067
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/05/23 9:16 a.m. | 3 views

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

CVSS 8.8 | AI score 7.6 | EPSS 0.03472
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 6:0 a.m. | 3 views

CVE-2023-28843

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides PayPal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release 3.12.0 up to and including 3.16.3 allows a remote attacker to gain privileges, modify data,...

CVSS 9.8 | AI score 8 | EPSS 0.00492
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 5:20 a.m. | 2 views

CVE-2023-21993

Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications component: Forms. The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical...

CVSS 6.5 | AI score 6 | EPSS 0.00479
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:33 a.m. | 3 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 7.1 | EPSS 0.00333
Exploits: 0 | References: 1

BDU FSTEC
added 2025/05/23 12:0 a.m. | 2 views

The vulnerability of the SNMPv3 implementation of SCALANCE W-700 IEEE 802.11ax industrial switches allows an intruder to alter the data representation type.

The vulnerability of the SNMPv3 implementation of SCALANCE W-700 IEEE 802.11ax switches is related to access control errors. Exploiting this vulnerability allows a remote attacker to alter the data representation type...

CVSS 4.3 | AI score 5.5 | EPSS 0.00108
Exploits: 0 | References: 2 | Affected Software: 17

RedhatCVE
added 2025/05/22 9:2 p.m. | 2 views

CVE-2021-2211

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP ...

CVSS 5.9 | AI score 6 | EPSS 0.02594
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:10 p.m. | 4 views

CVE-2020-35929

In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data...

CVSS 9.8 | AI score 6.8 | EPSS 0.00364
Exploits: 0

RedhatCVE
added 2025/05/22 8:44 a.m. | 5 views

CVE-2019-6017

REMISE Payment Module 2.11, 2.12 and 2.13 version 3.0.12 and earlier allow remote attackers to DisclosedInformationtype via unspecified vectors...

CVSS 5.3 | AI score 7.1 | EPSS 0.005
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:18 a.m. | 4 views

CVE-2014-5250

Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors...

CVSS 7.5 | AI score 7.1 | EPSS 0.00712
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:21 a.m. | 5 views

CVE-2011-4867

The Tencent QQPhoto com.tencent.qqphoto application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application...

CVSS 5.8 | AI score 6.9 | EPSS 0.00345
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:39 a.m. | 9 views

CVE-2011-4865

The Tencent WBlog com.tencent.WBlog 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application...

CVSS 5.8 | AI score 6.9 | EPSS 0.00243
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:20 p.m. | 5 views

CVE-2004-2298

Novell Internet Messaging System NIMS 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator...

CVSS 6.4 | AI score 7.2 | EPSS 0.00378
Exploits: 0 | References: 1