11 matches found
EUVD-2026-36475
The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...
PT-2026-38039
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...
openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...
Helmholz REX100 信任管理问题漏洞
Helmholz REX100 is a wireless router from Helmholz. A trust management issue vulnerability exists in Helmholz REX100 versions prior to 2.3.1, which stems from the inclusion of two hard-coded user accounts and hard-coded passwords, allowing an unauthenticated, remote attacker to take full control ...
CVE-2020-14859
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T...
CVE-2019-2729
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform Spring Framework is easily exploited and may allow an...
CVE-2018-3197
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server...
OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2017-3260
Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...
PT-2017-1143 · Oracle · Oracle Fusion Middleware +1
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 Description: The issue is related to errors in security settings of the Core Components in Oracle Fusion Middleware. Exploitation of this issue can allow a remote...