46 matches found
CVE-2026-35249
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle V...
CVE-2026-27894
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
CVE-2026-27894 LAM has Authenticated Local File Inclusion (LFI) in PDF export
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with...
Linux Distros Unpatched Vulnerability : CVE-2022-39403
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.30 and prior. Easily...
Linux Distros Unpatched Vulnerability : CVE-2022-39421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily...
Linux Distros Unpatched Vulnerability : CVE-2020-14711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.44, prior to...
PT-2025-34477 · Apache · Apache Streampark
Name of the Vulnerable Software and Affected Versions: Apache StreamPark versions 2.1.4 through 2.1.5 Description: A SQL Injection vulnerability exists in Apache StreamPark. This issue is present only in the distribution package SpringBoot platform and does not involve Maven artifacts. Exploitati...
PT-2024-22331 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.44.3 Zitadel versions 2.45.0 through 2.45.0 before 2.45.1 Zitadel versions prior to 2.46.0 Description: Zitadel is an open source identity management system that uses a cookie to identify the user agent and its use...
CVE-2023-4102
QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...
PT-2023-27750 · Qsige · Qsige
Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The QSige statistics are affected by a remote SQL injection vulnerability. The web application does not correctly filter input parameters, allowing SQL injections, Denial of Service (DoS), or...
PT-2023-19233 · WordPress · Profilepress Membership Team Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress Membership Team ProfilePress plugin versions = 4.5.4 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or higher...
PT-2025-14787 · Xwiki · Xwiki Jira Extension
Name of the Vulnerable Software and Affected Versions: XWiki JIRA extension versions prior to 8.6.5 Description: The issue allows any logged-in XWiki user to potentially access and display local files on the XWiki server host by exploiting the JIRA macro. This can be achieved by specifying a fake...
Exploit for SQL Injection in Jflyfox Jfinal_Cms
CVE-2022-37207 CVE-2022-37207 POC Suggested description...
CVE-2021-2310
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
CVE-2020-27238
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
mysql-connector-java: privilege escalation in MySQL connector
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise...
CVE-2020-16877
An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. To exploit this vulnerability, an attacker...
PT-2020-4310 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An elevation of privilege issue exists due to the Windows kernel-mode driver's failure to properly handle objects in memory. This could allow an attacker to run arbitrary code in kernel mod...
PT-2020-4253 · Microsoft · Windows Kernelstream +1
Name of the Vulnerable Software and Affected Versions: Windows KernelStream affected versions not specified Description: An information disclosure issue exists due to the Windows KernelStream's improper handling of objects in memory. This could allow an attacker to obtain information that could b...