PT-2025-29601

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions prior to 8u451 Oracle GraalVM for JDK versions prior to 17.0.15 Oracle GraalVM Enterprise Edition versions prior to 21.3.14 Oracle Java SE versions 11.0.27 Oracle Java SE versions 17.0.15 Oracle Java SE versions 21.0.7...

PT-2025-28660 · Hewlett Packard · Hpe Networking Instant On Access Points

Name of the Vulnerable Software and Affected Versions: HPE Networking Instant On Access Points versions 3.2.0 and earlier HPE Aruba Instant On Access Points versions 3.2.0.1 and earlier Aruba Instant On APs versions 3.2.0 and earlier Description: HPE Networking and Aruba Instant On Access Points...

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

CVE-2023-21948

Vulnerability in the Oracle Solaris product of Oracle Systems component: Core. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...

CVE-2023-22014

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools...

CVE-2023-21896

Vulnerability in the Oracle Solaris product of Oracle Systems component: NSSwitch. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

CVE-2023-21985

Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...

CVE-2021-3243

Wfilter ICF 5.0.117 contains a cross-site scripting XSS vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function...

CVE-2021-2309

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2021-2071

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Elastic Search. Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2020-25243

A vulnerability has been identified in LOGO! Soft Comfort All versions V8.4. A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an...

CVE-2019-2832

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Common Desktop Environment. The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes...

CVE-2019-2820

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: Gnuplot. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise...

watchTowr Warns of Active Exploitation of SonicWall SMA 100 Devices

watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities CVE-2024-38475 & CVE-2023-44221 potentially leading to full system takeover…...

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…...

Oracle Secure Backup 安全漏洞

Oracle Secure Backup is a solution from Oracle Corporation USA that provides reliable data protection by backing up file systems to tape. A security vulnerability exists in Oracle Secure Backup that stems from mishandling of the General component, which could lead to a system takeover. The...

Oracle MySQL 安全漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation USA. A security vulnerability exists in Oracle MySQL for MySQL Connectors versions 9.0.0 through 9.2.0, which stems from a flaw in the Connector/J component that could lead to a system takeover...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Scripting versions 12.2.3 throu...

Oracle Solaris 安全漏洞

Oracle Solaris is a UNIX operating system from Oracle Corporation USA. A security vulnerability exists in Oracle Solaris version 11 that stems from a flaw in a file system component that could lead to a system takeover...

Hewlett Packard Enterprise AOS 操作系统命令注入漏洞

Hewlett Packard Enterprise AOS HPE AOS is a network operating system for data centers, campuses, and edges from Hewlett Packard Enterprise USA. Hewlett Packard Enterprise AOS suffers from an operating system command injection vulnerability that stems from a vulnerability in the system binary that...